org.apache.inlong.sort.filesystem.shaded.com.amazonaws.services.kms.model.CreateKeyRequest Maven / Gradle / Ivy
/*
* Copyright 2017-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.kms.model;
import java.io.Serializable;
import javax.annotation.Generated;
import com.amazonaws.AmazonWebServiceRequest;
/**
*
* @see AWS API
* Documentation
*/
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class CreateKeyRequest extends com.amazonaws.AmazonWebServiceRequest implements Serializable, Cloneable {
/**
*
* The key policy to attach to the KMS key. If you do not specify a key policy, KMS attaches a default key policy to
* the KMS key. For more information, see Default key
* policy in the Key Management Service Developer Guide.
*
*
* If you provide a key policy, it must meet the following criteria:
*
*
* -
*
* If you don't set BypassPolicyLockoutSafetyCheck to True, the key policy must allow the
* principal that is making the CreateKey request to make a subsequent PutKeyPolicy request on
* the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, refer to the
* scenario in the Default Key Policy section of the Key Management Service Developer Guide .
*
*
* -
*
* Each statement in the key policy must contain one or more principals. The principals in the key policy must exist
* and be visible to KMS. When you create a new Amazon Web Services principal (for example, an IAM user or role),
* you might need to enforce a delay before including the new principal in a key policy because the new principal
* might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services Identity and Access
* Management User Guide.
*
*
*
*
* A key policy document can include only the following characters:
*
*
* -
*
* Printable ASCII characters from the space character (\u0020) through the end of the ASCII character
* range.
*
*
* -
*
* Printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF).
*
*
* -
*
* The tab (\u0009), line feed (\u000A), and carriage return (\u000D) special
* characters
*
*
*
*
* For information about key policies, see Key policies in KMS in the
* Key Management Service Developer Guide. For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in
* the Identity and Access Management User Guide .
*
*/
private String policy;
/**
*
* A description of the KMS key.
*
*
* Use a description that helps you decide whether the KMS key is appropriate for a task. The default value is an
* empty string (no description).
*
*
* To set or change the description after the key is created, use UpdateKeyDescription.
*
*/
private String description;
/**
*
* Determines the cryptographic
* operations for which you can use the KMS key. The default value is ENCRYPT_DECRYPT. This
* parameter is optional when you are creating a symmetric encryption KMS key; otherwise, it is required. You can't
* change the KeyUsage value after the KMS key is created.
*
*
* Select only one valid value.
*
*
* -
*
* For symmetric encryption KMS keys, omit the parameter or specify ENCRYPT_DECRYPT.
*
*
* -
*
* For HMAC KMS keys (symmetric), specify GENERATE_VERIFY_MAC.
*
*
* -
*
* For asymmetric KMS keys with RSA key material, specify ENCRYPT_DECRYPT or SIGN_VERIFY.
*
*
* -
*
* For asymmetric KMS keys with ECC key material, specify SIGN_VERIFY.
*
*
* -
*
* For asymmetric KMS keys with SM2 key material (China Regions only), specify ENCRYPT_DECRYPT or
* SIGN_VERIFY.
*
*
*
*/
private String keyUsage;
/**
*
* Instead, use the KeySpec parameter.
*
*
* The KeySpec and CustomerMasterKeySpec parameters work the same way. Only the names
* differ. We recommend that you use KeySpec parameter in your code. However, to avoid breaking
* changes, KMS will support both parameters.
*
*/
@Deprecated
private String customerMasterKeySpec;
/**
*
* Specifies the type of KMS key to create. The default value, SYMMETRIC_DEFAULT, creates a KMS key
* with a 256-bit AES-GCM key that is used for encryption and decryption, except in China Regions, where it creates
* a 128-bit symmetric key that uses SM4 encryption. For help choosing a key spec for your KMS key, see Choosing a KMS key
* type in the Key Management Service Developer Guide .
*
*
* The KeySpec determines whether the KMS key contains a symmetric key or an asymmetric key pair. It
* also determines the cryptographic algorithms that the KMS key supports. You can't change the KeySpec
* after the KMS key is created. To further restrict the algorithms that can be used with the KMS key, use a
* condition key in its key policy or IAM policy. For more information, see kms:EncryptionAlgorithm, kms:MacAlgorithm or kms:Signing Algorithm in the Key Management Service Developer Guide .
*
*
*
* Amazon Web Services services that are
* integrated with KMS use symmetric encryption KMS keys to protect your data. These services do not support
* asymmetric KMS keys or HMAC KMS keys.
*
*
*
* KMS supports the following key specs for KMS keys:
*
*
* -
*
* Symmetric encryption key (default)
*
*
* -
*
* SYMMETRIC_DEFAULT
*
*
*
*
* -
*
* HMAC keys (symmetric)
*
*
* -
*
* HMAC_224
*
*
* -
*
* HMAC_256
*
*
* -
*
* HMAC_384
*
*
* -
*
* HMAC_512
*
*
*
*
* -
*
* Asymmetric RSA key pairs
*
*
* -
*
* RSA_2048
*
*
* -
*
* RSA_3072
*
*
* -
*
* RSA_4096
*
*
*
*
* -
*
* Asymmetric NIST-recommended elliptic curve key pairs
*
*
* -
*
* ECC_NIST_P256 (secp256r1)
*
*
* -
*
* ECC_NIST_P384 (secp384r1)
*
*
* -
*
* ECC_NIST_P521 (secp521r1)
*
*
*
*
* -
*
* Other asymmetric elliptic curve key pairs
*
*
* -
*
* ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies.
*
*
*
*
* -
*
* SM2 key pairs (China Regions only)
*
*
* -
*
* SM2
*
*
*
*
*
*/
private String keySpec;
/**
*
* The source of the key material for the KMS key. You cannot change the origin after you create the KMS key. The
* default is AWS_KMS, which means that KMS creates the key material.
*
*
* To create a KMS key with no key material (for imported key material), set the value to EXTERNAL. For
* more information about importing key material into KMS, see Importing Key Material in
* the Key Management Service Developer Guide. This value is valid only for symmetric encryption KMS keys.
*
*
* To create a KMS key in an KMS custom key store
* and create its key material in the associated CloudHSM cluster, set this value to AWS_CLOUDHSM. You
* must also use the CustomKeyStoreId parameter to identify the custom key store. This value is valid
* only for symmetric encryption KMS keys.
*
*/
private String origin;
/**
*
* Creates the KMS key in the specified custom key store
* and the key material in its associated CloudHSM cluster. To create a KMS key in a custom key store, you must also
* specify the Origin parameter with a value of AWS_CLOUDHSM. The CloudHSM cluster that is
* associated with the custom key store must have at least two active HSMs, each in a different Availability Zone in
* the Region.
*
*
* This parameter is valid only for symmetric encryption KMS keys in a single Region. You cannot create any other
* type of KMS key in a custom key store.
*
*
* To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
*
*
* The response includes the custom key store ID and the ID of the CloudHSM cluster.
*
*
* This operation is part of the custom key store
* feature feature in KMS, which combines the convenience and extensive integration of KMS with the isolation
* and control of a single-tenant key store.
*
*/
private String customKeyStoreId;
/**
*
* A flag to indicate whether to bypass the key policy lockout safety check.
*
*
*
* Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to
* true indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the Key Management Service Developer Guide .
*
*
*
* Use this parameter only when you include a policy in the request and you intend to prevent the principal that is
* making the request from making a subsequent PutKeyPolicy request on the KMS key.
*
*
* The default value is false.
*
*/
private Boolean bypassPolicyLockoutSafetyCheck;
/**
*
* Assigns one or more tags to the KMS key. Use this parameter to tag the KMS key when it is created. To tag an
* existing KMS key, use the TagResource operation.
*
*
*
* Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC in KMS in the Key Management
* Service Developer Guide.
*
*
*
* To use this parameter, you must have kms:TagResource permission in an IAM policy.
*
*
* Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag
* value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag key. If you
* specify an existing tag key with a different tag value, KMS replaces the current tag value with the specified
* one.
*
*
* When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation report with
* usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details, see Tagging Keys.
*
*/
private com.amazonaws.internal.SdkInternalList tags;
/**
*
* Creates a multi-Region primary key that you can replicate into other Amazon Web Services Regions. You cannot
* change this value after you create the KMS key.
*
*
* For a multi-Region key, set this parameter to True. For a single-Region KMS key, omit this parameter
* or set it to False. The default value is False.
*
*
* This operation supports multi-Region keys, an KMS feature that lets you create multiple interoperable KMS
* keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key material, and
* other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt it
* in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more
* information about multi-Region keys, see Multi-Region keys in
* KMS in the Key Management Service Developer Guide.
*
*
* This value creates a primary key, not a replica. To create a replica key, use the
* ReplicateKey operation.
*
*
* You can create a multi-Region version of a symmetric encryption KMS key, an HMAC KMS key, an asymmetric KMS key,
* or a KMS key with imported key material. However, you cannot create a multi-Region key in a custom key store.
*
*/
private Boolean multiRegion;
/**
*
* The key policy to attach to the KMS key. If you do not specify a key policy, KMS attaches a default key policy to
* the KMS key. For more information, see Default key
* policy in the Key Management Service Developer Guide.
*
*
* If you provide a key policy, it must meet the following criteria:
*
*
* -
*
* If you don't set BypassPolicyLockoutSafetyCheck to True, the key policy must allow the
* principal that is making the CreateKey request to make a subsequent PutKeyPolicy request on
* the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, refer to the
* scenario in the Default Key Policy section of the Key Management Service Developer Guide .
*
*
* -
*
* Each statement in the key policy must contain one or more principals. The principals in the key policy must exist
* and be visible to KMS. When you create a new Amazon Web Services principal (for example, an IAM user or role),
* you might need to enforce a delay before including the new principal in a key policy because the new principal
* might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services Identity and Access
* Management User Guide.
*
*
*
*
* A key policy document can include only the following characters:
*
*
* -
*
* Printable ASCII characters from the space character (\u0020) through the end of the ASCII character
* range.
*
*
* -
*
* Printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF).
*
*
* -
*
* The tab (\u0009), line feed (\u000A), and carriage return (\u000D) special
* characters
*
*
*
*
* For information about key policies, see Key policies in KMS in the
* Key Management Service Developer Guide. For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in
* the Identity and Access Management User Guide .
*
*
* @param policy
* The key policy to attach to the KMS key. If you do not specify a key policy, KMS attaches a default key
* policy to the KMS key. For more information, see Default
* key policy in the Key Management Service Developer Guide.
*
* If you provide a key policy, it must meet the following criteria:
*
*
* -
*
* If you don't set BypassPolicyLockoutSafetyCheck to True, the key policy must
* allow the principal that is making the CreateKey request to make a subsequent
* PutKeyPolicy request on the KMS key. This reduces the risk that the KMS key becomes unmanageable.
* For more information, refer to the scenario in the Default Key Policy section of the Key Management Service Developer Guide .
*
*
* -
*
* Each statement in the key policy must contain one or more principals. The principals in the key policy
* must exist and be visible to KMS. When you create a new Amazon Web Services principal (for example, an IAM
* user or role), you might need to enforce a delay before including the new principal in a key policy
* because the new principal might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services Identity and
* Access Management User Guide.
*
*
*
*
* A key policy document can include only the following characters:
*
*
* -
*
* Printable ASCII characters from the space character (\u0020) through the end of the ASCII
* character range.
*
*
* -
*
* Printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF
* ).
*
*
* -
*
* The tab (\u0009), line feed (\u000A), and carriage return (\u000D)
* special characters
*
*
*
*
* For information about key policies, see Key policies in KMS in
* the Key Management Service Developer Guide. For help writing and formatting a JSON policy document,
* see the IAM JSON Policy
* Reference in the Identity and Access Management User Guide .
*/
public void setPolicy(String policy) {
this.policy = policy;
}
/**
*
* The key policy to attach to the KMS key. If you do not specify a key policy, KMS attaches a default key policy to
* the KMS key. For more information, see Default key
* policy in the Key Management Service Developer Guide.
*
*
* If you provide a key policy, it must meet the following criteria:
*
*
* -
*
* If you don't set BypassPolicyLockoutSafetyCheck to True, the key policy must allow the
* principal that is making the CreateKey request to make a subsequent PutKeyPolicy request on
* the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, refer to the
* scenario in the Default Key Policy section of the Key Management Service Developer Guide .
*
*
* -
*
* Each statement in the key policy must contain one or more principals. The principals in the key policy must exist
* and be visible to KMS. When you create a new Amazon Web Services principal (for example, an IAM user or role),
* you might need to enforce a delay before including the new principal in a key policy because the new principal
* might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services Identity and Access
* Management User Guide.
*
*
*
*
* A key policy document can include only the following characters:
*
*
* -
*
* Printable ASCII characters from the space character (\u0020) through the end of the ASCII character
* range.
*
*
* -
*
* Printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF).
*
*
* -
*
* The tab (\u0009), line feed (\u000A), and carriage return (\u000D) special
* characters
*
*
*
*
* For information about key policies, see Key policies in KMS in the
* Key Management Service Developer Guide. For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in
* the Identity and Access Management User Guide .
*
*
* @return The key policy to attach to the KMS key. If you do not specify a key policy, KMS attaches a default key
* policy to the KMS key. For more information, see Default
* key policy in the Key Management Service Developer Guide.
*
* If you provide a key policy, it must meet the following criteria:
*
*
* -
*
* If you don't set BypassPolicyLockoutSafetyCheck to True, the key policy must
* allow the principal that is making the CreateKey request to make a subsequent
* PutKeyPolicy request on the KMS key. This reduces the risk that the KMS key becomes unmanageable.
* For more information, refer to the scenario in the Default Key Policy section of the Key Management Service Developer Guide .
*
*
* -
*
* Each statement in the key policy must contain one or more principals. The principals in the key policy
* must exist and be visible to KMS. When you create a new Amazon Web Services principal (for example, an
* IAM user or role), you might need to enforce a delay before including the new principal in a key policy
* because the new principal might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services Identity and
* Access Management User Guide.
*
*
*
*
* A key policy document can include only the following characters:
*
*
* -
*
* Printable ASCII characters from the space character (\u0020) through the end of the ASCII
* character range.
*
*
* -
*
* Printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF
* ).
*
*
* -
*
* The tab (\u0009), line feed (\u000A), and carriage return (\u000D)
* special characters
*
*
*
*
* For information about key policies, see Key policies in KMS in
* the Key Management Service Developer Guide. For help writing and formatting a JSON policy
* document, see the IAM
* JSON Policy Reference in the Identity and Access Management User Guide .
*/
public String getPolicy() {
return this.policy;
}
/**
*
* The key policy to attach to the KMS key. If you do not specify a key policy, KMS attaches a default key policy to
* the KMS key. For more information, see Default key
* policy in the Key Management Service Developer Guide.
*
*
* If you provide a key policy, it must meet the following criteria:
*
*
* -
*
* If you don't set BypassPolicyLockoutSafetyCheck to True, the key policy must allow the
* principal that is making the CreateKey request to make a subsequent PutKeyPolicy request on
* the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, refer to the
* scenario in the Default Key Policy section of the Key Management Service Developer Guide .
*
*
* -
*
* Each statement in the key policy must contain one or more principals. The principals in the key policy must exist
* and be visible to KMS. When you create a new Amazon Web Services principal (for example, an IAM user or role),
* you might need to enforce a delay before including the new principal in a key policy because the new principal
* might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services Identity and Access
* Management User Guide.
*
*
*
*
* A key policy document can include only the following characters:
*
*
* -
*
* Printable ASCII characters from the space character (\u0020) through the end of the ASCII character
* range.
*
*
* -
*
* Printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF).
*
*
* -
*
* The tab (\u0009), line feed (\u000A), and carriage return (\u000D) special
* characters
*
*
*
*
* For information about key policies, see Key policies in KMS in the
* Key Management Service Developer Guide. For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in
* the Identity and Access Management User Guide .
*
*
* @param policy
* The key policy to attach to the KMS key. If you do not specify a key policy, KMS attaches a default key
* policy to the KMS key. For more information, see Default
* key policy in the Key Management Service Developer Guide.
*
* If you provide a key policy, it must meet the following criteria:
*
*
* -
*
* If you don't set BypassPolicyLockoutSafetyCheck to True, the key policy must
* allow the principal that is making the CreateKey request to make a subsequent
* PutKeyPolicy request on the KMS key. This reduces the risk that the KMS key becomes unmanageable.
* For more information, refer to the scenario in the Default Key Policy section of the Key Management Service Developer Guide .
*
*
* -
*
* Each statement in the key policy must contain one or more principals. The principals in the key policy
* must exist and be visible to KMS. When you create a new Amazon Web Services principal (for example, an IAM
* user or role), you might need to enforce a delay before including the new principal in a key policy
* because the new principal might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services Identity and
* Access Management User Guide.
*
*
*
*
* A key policy document can include only the following characters:
*
*
* -
*
* Printable ASCII characters from the space character (\u0020) through the end of the ASCII
* character range.
*
*
* -
*
* Printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF
* ).
*
*
* -
*
* The tab (\u0009), line feed (\u000A), and carriage return (\u000D)
* special characters
*
*
*
*
* For information about key policies, see Key policies in KMS in
* the Key Management Service Developer Guide. For help writing and formatting a JSON policy document,
* see the IAM JSON Policy
* Reference in the Identity and Access Management User Guide .
* @return Returns a reference to this object so that method calls can be chained together.
*/
public CreateKeyRequest withPolicy(String policy) {
setPolicy(policy);
return this;
}
/**
*
* A description of the KMS key.
*
*
* Use a description that helps you decide whether the KMS key is appropriate for a task. The default value is an
* empty string (no description).
*
*
* To set or change the description after the key is created, use UpdateKeyDescription.
*
*
* @param description
* A description of the KMS key.
*
* Use a description that helps you decide whether the KMS key is appropriate for a task. The default value
* is an empty string (no description).
*
*
* To set or change the description after the key is created, use UpdateKeyDescription.
*/
public void setDescription(String description) {
this.description = description;
}
/**
*
* A description of the KMS key.
*
*
* Use a description that helps you decide whether the KMS key is appropriate for a task. The default value is an
* empty string (no description).
*
*
* To set or change the description after the key is created, use UpdateKeyDescription.
*
*
* @return A description of the KMS key.
*
* Use a description that helps you decide whether the KMS key is appropriate for a task. The default value
* is an empty string (no description).
*
*
* To set or change the description after the key is created, use UpdateKeyDescription.
*/
public String getDescription() {
return this.description;
}
/**
*
* A description of the KMS key.
*
*
* Use a description that helps you decide whether the KMS key is appropriate for a task. The default value is an
* empty string (no description).
*
*
* To set or change the description after the key is created, use UpdateKeyDescription.
*
*
* @param description
* A description of the KMS key.
*
* Use a description that helps you decide whether the KMS key is appropriate for a task. The default value
* is an empty string (no description).
*
*
* To set or change the description after the key is created, use UpdateKeyDescription.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public CreateKeyRequest withDescription(String description) {
setDescription(description);
return this;
}
/**
*
* Determines the cryptographic
* operations for which you can use the KMS key. The default value is ENCRYPT_DECRYPT. This
* parameter is optional when you are creating a symmetric encryption KMS key; otherwise, it is required. You can't
* change the KeyUsage value after the KMS key is created.
*
*
* Select only one valid value.
*
*
* -
*
* For symmetric encryption KMS keys, omit the parameter or specify ENCRYPT_DECRYPT.
*
*
* -
*
* For HMAC KMS keys (symmetric), specify GENERATE_VERIFY_MAC.
*
*
* -
*
* For asymmetric KMS keys with RSA key material, specify ENCRYPT_DECRYPT or SIGN_VERIFY.
*
*
* -
*
* For asymmetric KMS keys with ECC key material, specify SIGN_VERIFY.
*
*
* -
*
* For asymmetric KMS keys with SM2 key material (China Regions only), specify ENCRYPT_DECRYPT or
* SIGN_VERIFY.
*
*
*
*
* @param keyUsage
* Determines the cryptographic operations for which you can use the KMS key. The default value is
* ENCRYPT_DECRYPT. This parameter is optional when you are creating a symmetric encryption KMS
* key; otherwise, it is required. You can't change the KeyUsage value after the KMS key is
* created.
*
* Select only one valid value.
*
*
* -
*
* For symmetric encryption KMS keys, omit the parameter or specify ENCRYPT_DECRYPT.
*
*
* -
*
* For HMAC KMS keys (symmetric), specify GENERATE_VERIFY_MAC.
*
*
* -
*
* For asymmetric KMS keys with RSA key material, specify ENCRYPT_DECRYPT or
* SIGN_VERIFY.
*
*
* -
*
* For asymmetric KMS keys with ECC key material, specify SIGN_VERIFY.
*
*
* -
*
* For asymmetric KMS keys with SM2 key material (China Regions only), specify ENCRYPT_DECRYPT
* or SIGN_VERIFY.
*
*
* @see KeyUsageType
*/
public void setKeyUsage(String keyUsage) {
this.keyUsage = keyUsage;
}
/**
*
* Determines the cryptographic
* operations for which you can use the KMS key. The default value is ENCRYPT_DECRYPT. This
* parameter is optional when you are creating a symmetric encryption KMS key; otherwise, it is required. You can't
* change the KeyUsage value after the KMS key is created.
*
*
* Select only one valid value.
*
*
* -
*
* For symmetric encryption KMS keys, omit the parameter or specify ENCRYPT_DECRYPT.
*
*
* -
*
* For HMAC KMS keys (symmetric), specify GENERATE_VERIFY_MAC.
*
*
* -
*
* For asymmetric KMS keys with RSA key material, specify ENCRYPT_DECRYPT or SIGN_VERIFY.
*
*
* -
*
* For asymmetric KMS keys with ECC key material, specify SIGN_VERIFY.
*
*
* -
*
* For asymmetric KMS keys with SM2 key material (China Regions only), specify ENCRYPT_DECRYPT or
* SIGN_VERIFY.
*
*
*
*
* @return Determines the cryptographic operations for which you can use the KMS key. The default value is
* ENCRYPT_DECRYPT. This parameter is optional when you are creating a symmetric encryption KMS
* key; otherwise, it is required. You can't change the KeyUsage value after the KMS key is
* created.
*
* Select only one valid value.
*
*
* -
*
* For symmetric encryption KMS keys, omit the parameter or specify ENCRYPT_DECRYPT.
*
*
* -
*
* For HMAC KMS keys (symmetric), specify GENERATE_VERIFY_MAC.
*
*
* -
*
* For asymmetric KMS keys with RSA key material, specify ENCRYPT_DECRYPT or
* SIGN_VERIFY.
*
*
* -
*
* For asymmetric KMS keys with ECC key material, specify SIGN_VERIFY.
*
*
* -
*
* For asymmetric KMS keys with SM2 key material (China Regions only), specify ENCRYPT_DECRYPT
* or SIGN_VERIFY.
*
*
* @see KeyUsageType
*/
public String getKeyUsage() {
return this.keyUsage;
}
/**
*
* Determines the cryptographic
* operations for which you can use the KMS key. The default value is ENCRYPT_DECRYPT. This
* parameter is optional when you are creating a symmetric encryption KMS key; otherwise, it is required. You can't
* change the KeyUsage value after the KMS key is created.
*
*
* Select only one valid value.
*
*
* -
*
* For symmetric encryption KMS keys, omit the parameter or specify ENCRYPT_DECRYPT.
*
*
* -
*
* For HMAC KMS keys (symmetric), specify GENERATE_VERIFY_MAC.
*
*
* -
*
* For asymmetric KMS keys with RSA key material, specify ENCRYPT_DECRYPT or SIGN_VERIFY.
*
*
* -
*
* For asymmetric KMS keys with ECC key material, specify SIGN_VERIFY.
*
*
* -
*
* For asymmetric KMS keys with SM2 key material (China Regions only), specify ENCRYPT_DECRYPT or
* SIGN_VERIFY.
*
*
*
*
* @param keyUsage
* Determines the cryptographic operations for which you can use the KMS key. The default value is
* ENCRYPT_DECRYPT. This parameter is optional when you are creating a symmetric encryption KMS
* key; otherwise, it is required. You can't change the KeyUsage value after the KMS key is
* created.
*
* Select only one valid value.
*
*
* -
*
* For symmetric encryption KMS keys, omit the parameter or specify ENCRYPT_DECRYPT.
*
*
* -
*
* For HMAC KMS keys (symmetric), specify GENERATE_VERIFY_MAC.
*
*
* -
*
* For asymmetric KMS keys with RSA key material, specify ENCRYPT_DECRYPT or
* SIGN_VERIFY.
*
*
* -
*
* For asymmetric KMS keys with ECC key material, specify SIGN_VERIFY.
*
*
* -
*
* For asymmetric KMS keys with SM2 key material (China Regions only), specify ENCRYPT_DECRYPT
* or SIGN_VERIFY.
*
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see KeyUsageType
*/
public CreateKeyRequest withKeyUsage(String keyUsage) {
setKeyUsage(keyUsage);
return this;
}
/**
*
* Determines the cryptographic
* operations for which you can use the KMS key. The default value is ENCRYPT_DECRYPT. This
* parameter is optional when you are creating a symmetric encryption KMS key; otherwise, it is required. You can't
* change the KeyUsage value after the KMS key is created.
*
*
* Select only one valid value.
*
*
* -
*
* For symmetric encryption KMS keys, omit the parameter or specify ENCRYPT_DECRYPT.
*
*
* -
*
* For HMAC KMS keys (symmetric), specify GENERATE_VERIFY_MAC.
*
*
* -
*
* For asymmetric KMS keys with RSA key material, specify ENCRYPT_DECRYPT or SIGN_VERIFY.
*
*
* -
*
* For asymmetric KMS keys with ECC key material, specify SIGN_VERIFY.
*
*
* -
*
* For asymmetric KMS keys with SM2 key material (China Regions only), specify ENCRYPT_DECRYPT or
* SIGN_VERIFY.
*
*
*
*
* @param keyUsage
* Determines the cryptographic operations for which you can use the KMS key. The default value is
* ENCRYPT_DECRYPT. This parameter is optional when you are creating a symmetric encryption KMS
* key; otherwise, it is required. You can't change the KeyUsage value after the KMS key is
* created.
*
* Select only one valid value.
*
*
* -
*
* For symmetric encryption KMS keys, omit the parameter or specify ENCRYPT_DECRYPT.
*
*
* -
*
* For HMAC KMS keys (symmetric), specify GENERATE_VERIFY_MAC.
*
*
* -
*
* For asymmetric KMS keys with RSA key material, specify ENCRYPT_DECRYPT or
* SIGN_VERIFY.
*
*
* -
*
* For asymmetric KMS keys with ECC key material, specify SIGN_VERIFY.
*
*
* -
*
* For asymmetric KMS keys with SM2 key material (China Regions only), specify ENCRYPT_DECRYPT
* or SIGN_VERIFY.
*
*
* @see KeyUsageType
*/
public void setKeyUsage(KeyUsageType keyUsage) {
withKeyUsage(keyUsage);
}
/**
*
* Determines the cryptographic
* operations for which you can use the KMS key. The default value is ENCRYPT_DECRYPT. This
* parameter is optional when you are creating a symmetric encryption KMS key; otherwise, it is required. You can't
* change the KeyUsage value after the KMS key is created.
*
*
* Select only one valid value.
*
*
* -
*
* For symmetric encryption KMS keys, omit the parameter or specify ENCRYPT_DECRYPT.
*
*
* -
*
* For HMAC KMS keys (symmetric), specify GENERATE_VERIFY_MAC.
*
*
* -
*
* For asymmetric KMS keys with RSA key material, specify ENCRYPT_DECRYPT or SIGN_VERIFY.
*
*
* -
*
* For asymmetric KMS keys with ECC key material, specify SIGN_VERIFY.
*
*
* -
*
* For asymmetric KMS keys with SM2 key material (China Regions only), specify ENCRYPT_DECRYPT or
* SIGN_VERIFY.
*
*
*
*
* @param keyUsage
* Determines the cryptographic operations for which you can use the KMS key. The default value is
* ENCRYPT_DECRYPT. This parameter is optional when you are creating a symmetric encryption KMS
* key; otherwise, it is required. You can't change the KeyUsage value after the KMS key is
* created.
*
* Select only one valid value.
*
*
* -
*
* For symmetric encryption KMS keys, omit the parameter or specify ENCRYPT_DECRYPT.
*
*
* -
*
* For HMAC KMS keys (symmetric), specify GENERATE_VERIFY_MAC.
*
*
* -
*
* For asymmetric KMS keys with RSA key material, specify ENCRYPT_DECRYPT or
* SIGN_VERIFY.
*
*
* -
*
* For asymmetric KMS keys with ECC key material, specify SIGN_VERIFY.
*
*
* -
*
* For asymmetric KMS keys with SM2 key material (China Regions only), specify ENCRYPT_DECRYPT
* or SIGN_VERIFY.
*
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see KeyUsageType
*/
public CreateKeyRequest withKeyUsage(KeyUsageType keyUsage) {
this.keyUsage = keyUsage.toString();
return this;
}
/**
*
* Instead, use the KeySpec parameter.
*
*
* The KeySpec and CustomerMasterKeySpec parameters work the same way. Only the names
* differ. We recommend that you use KeySpec parameter in your code. However, to avoid breaking
* changes, KMS will support both parameters.
*
*
* @param customerMasterKeySpec
* Instead, use the KeySpec parameter.
*
* The KeySpec and CustomerMasterKeySpec parameters work the same way. Only the
* names differ. We recommend that you use KeySpec parameter in your code. However, to avoid
* breaking changes, KMS will support both parameters.
* @see CustomerMasterKeySpec
*/
@Deprecated
public void setCustomerMasterKeySpec(String customerMasterKeySpec) {
this.customerMasterKeySpec = customerMasterKeySpec;
}
/**
*
* Instead, use the KeySpec parameter.
*
*
* The KeySpec and CustomerMasterKeySpec parameters work the same way. Only the names
* differ. We recommend that you use KeySpec parameter in your code. However, to avoid breaking
* changes, KMS will support both parameters.
*
*
* @return Instead, use the KeySpec parameter.
*
* The KeySpec and CustomerMasterKeySpec parameters work the same way. Only the
* names differ. We recommend that you use KeySpec parameter in your code. However, to avoid
* breaking changes, KMS will support both parameters.
* @see CustomerMasterKeySpec
*/
@Deprecated
public String getCustomerMasterKeySpec() {
return this.customerMasterKeySpec;
}
/**
*
* Instead, use the KeySpec parameter.
*
*
* The KeySpec and CustomerMasterKeySpec parameters work the same way. Only the names
* differ. We recommend that you use KeySpec parameter in your code. However, to avoid breaking
* changes, KMS will support both parameters.
*
*
* @param customerMasterKeySpec
* Instead, use the KeySpec parameter.
*
* The KeySpec and CustomerMasterKeySpec parameters work the same way. Only the
* names differ. We recommend that you use KeySpec parameter in your code. However, to avoid
* breaking changes, KMS will support both parameters.
* @return Returns a reference to this object so that method calls can be chained together.
* @see CustomerMasterKeySpec
*/
@Deprecated
public CreateKeyRequest withCustomerMasterKeySpec(String customerMasterKeySpec) {
setCustomerMasterKeySpec(customerMasterKeySpec);
return this;
}
/**
*
* Instead, use the KeySpec parameter.
*
*
* The KeySpec and CustomerMasterKeySpec parameters work the same way. Only the names
* differ. We recommend that you use KeySpec parameter in your code. However, to avoid breaking
* changes, KMS will support both parameters.
*
*
* @param customerMasterKeySpec
* Instead, use the KeySpec parameter.
*
* The KeySpec and CustomerMasterKeySpec parameters work the same way. Only the
* names differ. We recommend that you use KeySpec parameter in your code. However, to avoid
* breaking changes, KMS will support both parameters.
* @see CustomerMasterKeySpec
*/
@Deprecated
public void setCustomerMasterKeySpec(CustomerMasterKeySpec customerMasterKeySpec) {
withCustomerMasterKeySpec(customerMasterKeySpec);
}
/**
*
* Instead, use the KeySpec parameter.
*
*
* The KeySpec and CustomerMasterKeySpec parameters work the same way. Only the names
* differ. We recommend that you use KeySpec parameter in your code. However, to avoid breaking
* changes, KMS will support both parameters.
*
*
* @param customerMasterKeySpec
* Instead, use the KeySpec parameter.
*
* The KeySpec and CustomerMasterKeySpec parameters work the same way. Only the
* names differ. We recommend that you use KeySpec parameter in your code. However, to avoid
* breaking changes, KMS will support both parameters.
* @return Returns a reference to this object so that method calls can be chained together.
* @see CustomerMasterKeySpec
*/
@Deprecated
public CreateKeyRequest withCustomerMasterKeySpec(CustomerMasterKeySpec customerMasterKeySpec) {
this.customerMasterKeySpec = customerMasterKeySpec.toString();
return this;
}
/**
*
* Specifies the type of KMS key to create. The default value, SYMMETRIC_DEFAULT, creates a KMS key
* with a 256-bit AES-GCM key that is used for encryption and decryption, except in China Regions, where it creates
* a 128-bit symmetric key that uses SM4 encryption. For help choosing a key spec for your KMS key, see Choosing a KMS key
* type in the Key Management Service Developer Guide .
*
*
* The KeySpec determines whether the KMS key contains a symmetric key or an asymmetric key pair. It
* also determines the cryptographic algorithms that the KMS key supports. You can't change the KeySpec
* after the KMS key is created. To further restrict the algorithms that can be used with the KMS key, use a
* condition key in its key policy or IAM policy. For more information, see kms:EncryptionAlgorithm, kms:MacAlgorithm or kms:Signing Algorithm in the Key Management Service Developer Guide .
*
*
*
* Amazon Web Services services that are
* integrated with KMS use symmetric encryption KMS keys to protect your data. These services do not support
* asymmetric KMS keys or HMAC KMS keys.
*
*
*
* KMS supports the following key specs for KMS keys:
*
*
* -
*
* Symmetric encryption key (default)
*
*
* -
*
* SYMMETRIC_DEFAULT
*
*
*
*
* -
*
* HMAC keys (symmetric)
*
*
* -
*
* HMAC_224
*
*
* -
*
* HMAC_256
*
*
* -
*
* HMAC_384
*
*
* -
*
* HMAC_512
*
*
*
*
* -
*
* Asymmetric RSA key pairs
*
*
* -
*
* RSA_2048
*
*
* -
*
* RSA_3072
*
*
* -
*
* RSA_4096
*
*
*
*
* -
*
* Asymmetric NIST-recommended elliptic curve key pairs
*
*
* -
*
* ECC_NIST_P256 (secp256r1)
*
*
* -
*
* ECC_NIST_P384 (secp384r1)
*
*
* -
*
* ECC_NIST_P521 (secp521r1)
*
*
*
*
* -
*
* Other asymmetric elliptic curve key pairs
*
*
* -
*
* ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies.
*
*
*
*
* -
*
* SM2 key pairs (China Regions only)
*
*
* -
*
* SM2
*
*
*
*
*
*
* @param keySpec
* Specifies the type of KMS key to create. The default value, SYMMETRIC_DEFAULT, creates a KMS
* key with a 256-bit AES-GCM key that is used for encryption and decryption, except in China Regions, where
* it creates a 128-bit symmetric key that uses SM4 encryption. For help choosing a key spec for your KMS
* key, see Choosing a
* KMS key type in the Key Management Service Developer Guide .
*
* The KeySpec determines whether the KMS key contains a symmetric key or an asymmetric key
* pair. It also determines the cryptographic algorithms that the KMS key supports. You can't change the
* KeySpec after the KMS key is created. To further restrict the algorithms that can be used
* with the KMS key, use a condition key in its key policy or IAM policy. For more information, see kms:EncryptionAlgorithm, kms:MacAlgorithm or kms:Signing Algorithm in the Key Management Service Developer Guide .
*
*
*
* Amazon Web Services services that
* are integrated with KMS use symmetric encryption KMS keys to protect your data. These services do not
* support asymmetric KMS keys or HMAC KMS keys.
*
*
*
* KMS supports the following key specs for KMS keys:
*
*
* -
*
* Symmetric encryption key (default)
*
*
* -
*
* SYMMETRIC_DEFAULT
*
*
*
*
* -
*
* HMAC keys (symmetric)
*
*
* -
*
* HMAC_224
*
*
* -
*
* HMAC_256
*
*
* -
*
* HMAC_384
*
*
* -
*
* HMAC_512
*
*
*
*
* -
*
* Asymmetric RSA key pairs
*
*
* -
*
* RSA_2048
*
*
* -
*
* RSA_3072
*
*
* -
*
* RSA_4096
*
*
*
*
* -
*
* Asymmetric NIST-recommended elliptic curve key pairs
*
*
* -
*
* ECC_NIST_P256 (secp256r1)
*
*
* -
*
* ECC_NIST_P384 (secp384r1)
*
*
* -
*
* ECC_NIST_P521 (secp521r1)
*
*
*
*
* -
*
* Other asymmetric elliptic curve key pairs
*
*
* -
*
* ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies.
*
*
*
*
* -
*
* SM2 key pairs (China Regions only)
*
*
* -
*
* SM2
*
*
*
*
* @see KeySpec
*/
public void setKeySpec(String keySpec) {
this.keySpec = keySpec;
}
/**
*
* Specifies the type of KMS key to create. The default value, SYMMETRIC_DEFAULT, creates a KMS key
* with a 256-bit AES-GCM key that is used for encryption and decryption, except in China Regions, where it creates
* a 128-bit symmetric key that uses SM4 encryption. For help choosing a key spec for your KMS key, see Choosing a KMS key
* type in the Key Management Service Developer Guide .
*
*
* The KeySpec determines whether the KMS key contains a symmetric key or an asymmetric key pair. It
* also determines the cryptographic algorithms that the KMS key supports. You can't change the KeySpec
* after the KMS key is created. To further restrict the algorithms that can be used with the KMS key, use a
* condition key in its key policy or IAM policy. For more information, see kms:EncryptionAlgorithm, kms:MacAlgorithm or kms:Signing Algorithm in the Key Management Service Developer Guide .
*
*
*
* Amazon Web Services services that are
* integrated with KMS use symmetric encryption KMS keys to protect your data. These services do not support
* asymmetric KMS keys or HMAC KMS keys.
*
*
*
* KMS supports the following key specs for KMS keys:
*
*
* -
*
* Symmetric encryption key (default)
*
*
* -
*
* SYMMETRIC_DEFAULT
*
*
*
*
* -
*
* HMAC keys (symmetric)
*
*
* -
*
* HMAC_224
*
*
* -
*
* HMAC_256
*
*
* -
*
* HMAC_384
*
*
* -
*
* HMAC_512
*
*
*
*
* -
*
* Asymmetric RSA key pairs
*
*
* -
*
* RSA_2048
*
*
* -
*
* RSA_3072
*
*
* -
*
* RSA_4096
*
*
*
*
* -
*
* Asymmetric NIST-recommended elliptic curve key pairs
*
*
* -
*
* ECC_NIST_P256 (secp256r1)
*
*
* -
*
* ECC_NIST_P384 (secp384r1)
*
*
* -
*
* ECC_NIST_P521 (secp521r1)
*
*
*
*
* -
*
* Other asymmetric elliptic curve key pairs
*
*
* -
*
* ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies.
*
*
*
*
* -
*
* SM2 key pairs (China Regions only)
*
*
* -
*
* SM2
*
*
*
*
*
*
* @return Specifies the type of KMS key to create. The default value, SYMMETRIC_DEFAULT, creates a KMS
* key with a 256-bit AES-GCM key that is used for encryption and decryption, except in China Regions, where
* it creates a 128-bit symmetric key that uses SM4 encryption. For help choosing a key spec for your KMS
* key, see Choosing a
* KMS key type in the Key Management Service Developer Guide .
*
* The KeySpec determines whether the KMS key contains a symmetric key or an asymmetric key
* pair. It also determines the cryptographic algorithms that the KMS key supports. You can't change the
* KeySpec after the KMS key is created. To further restrict the algorithms that can be used
* with the KMS key, use a condition key in its key policy or IAM policy. For more information, see kms:EncryptionAlgorithm, kms:MacAlgorithm or kms:Signing Algorithm in the Key Management Service Developer Guide .
*
*
*
* Amazon Web Services services that
* are integrated with KMS use symmetric encryption KMS keys to protect your data. These services do not
* support asymmetric KMS keys or HMAC KMS keys.
*
*
*
* KMS supports the following key specs for KMS keys:
*
*
* -
*
* Symmetric encryption key (default)
*
*
* -
*
* SYMMETRIC_DEFAULT
*
*
*
*
* -
*
* HMAC keys (symmetric)
*
*
* -
*
* HMAC_224
*
*
* -
*
* HMAC_256
*
*
* -
*
* HMAC_384
*
*
* -
*
* HMAC_512
*
*
*
*
* -
*
* Asymmetric RSA key pairs
*
*
* -
*
* RSA_2048
*
*
* -
*
* RSA_3072
*
*
* -
*
* RSA_4096
*
*
*
*
* -
*
* Asymmetric NIST-recommended elliptic curve key pairs
*
*
* -
*
* ECC_NIST_P256 (secp256r1)
*
*
* -
*
* ECC_NIST_P384 (secp384r1)
*
*
* -
*
* ECC_NIST_P521 (secp521r1)
*
*
*
*
* -
*
* Other asymmetric elliptic curve key pairs
*
*
* -
*
* ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies.
*
*
*
*
* -
*
* SM2 key pairs (China Regions only)
*
*
* -
*
* SM2
*
*
*
*
* @see KeySpec
*/
public String getKeySpec() {
return this.keySpec;
}
/**
*
* Specifies the type of KMS key to create. The default value, SYMMETRIC_DEFAULT, creates a KMS key
* with a 256-bit AES-GCM key that is used for encryption and decryption, except in China Regions, where it creates
* a 128-bit symmetric key that uses SM4 encryption. For help choosing a key spec for your KMS key, see Choosing a KMS key
* type in the Key Management Service Developer Guide .
*
*
* The KeySpec determines whether the KMS key contains a symmetric key or an asymmetric key pair. It
* also determines the cryptographic algorithms that the KMS key supports. You can't change the KeySpec
* after the KMS key is created. To further restrict the algorithms that can be used with the KMS key, use a
* condition key in its key policy or IAM policy. For more information, see kms:EncryptionAlgorithm, kms:MacAlgorithm or kms:Signing Algorithm in the Key Management Service Developer Guide .
*
*
*
* Amazon Web Services services that are
* integrated with KMS use symmetric encryption KMS keys to protect your data. These services do not support
* asymmetric KMS keys or HMAC KMS keys.
*
*
*
* KMS supports the following key specs for KMS keys:
*
*
* -
*
* Symmetric encryption key (default)
*
*
* -
*
* SYMMETRIC_DEFAULT
*
*
*
*
* -
*
* HMAC keys (symmetric)
*
*
* -
*
* HMAC_224
*
*
* -
*
* HMAC_256
*
*
* -
*
* HMAC_384
*
*
* -
*
* HMAC_512
*
*
*
*
* -
*
* Asymmetric RSA key pairs
*
*
* -
*
* RSA_2048
*
*
* -
*
* RSA_3072
*
*
* -
*
* RSA_4096
*
*
*
*
* -
*
* Asymmetric NIST-recommended elliptic curve key pairs
*
*
* -
*
* ECC_NIST_P256 (secp256r1)
*
*
* -
*
* ECC_NIST_P384 (secp384r1)
*
*
* -
*
* ECC_NIST_P521 (secp521r1)
*
*
*
*
* -
*
* Other asymmetric elliptic curve key pairs
*
*
* -
*
* ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies.
*
*
*
*
* -
*
* SM2 key pairs (China Regions only)
*
*
* -
*
* SM2
*
*
*
*
*
*
* @param keySpec
* Specifies the type of KMS key to create. The default value, SYMMETRIC_DEFAULT, creates a KMS
* key with a 256-bit AES-GCM key that is used for encryption and decryption, except in China Regions, where
* it creates a 128-bit symmetric key that uses SM4 encryption. For help choosing a key spec for your KMS
* key, see Choosing a
* KMS key type in the Key Management Service Developer Guide .
*
* The KeySpec determines whether the KMS key contains a symmetric key or an asymmetric key
* pair. It also determines the cryptographic algorithms that the KMS key supports. You can't change the
* KeySpec after the KMS key is created. To further restrict the algorithms that can be used
* with the KMS key, use a condition key in its key policy or IAM policy. For more information, see kms:EncryptionAlgorithm, kms:MacAlgorithm or kms:Signing Algorithm in the Key Management Service Developer Guide .
*
*
*
* Amazon Web Services services that
* are integrated with KMS use symmetric encryption KMS keys to protect your data. These services do not
* support asymmetric KMS keys or HMAC KMS keys.
*
*
*
* KMS supports the following key specs for KMS keys:
*
*
* -
*
* Symmetric encryption key (default)
*
*
* -
*
* SYMMETRIC_DEFAULT
*
*
*
*
* -
*
* HMAC keys (symmetric)
*
*
* -
*
* HMAC_224
*
*
* -
*
* HMAC_256
*
*
* -
*
* HMAC_384
*
*
* -
*
* HMAC_512
*
*
*
*
* -
*
* Asymmetric RSA key pairs
*
*
* -
*
* RSA_2048
*
*
* -
*
* RSA_3072
*
*
* -
*
* RSA_4096
*
*
*
*
* -
*
* Asymmetric NIST-recommended elliptic curve key pairs
*
*
* -
*
* ECC_NIST_P256 (secp256r1)
*
*
* -
*
* ECC_NIST_P384 (secp384r1)
*
*
* -
*
* ECC_NIST_P521 (secp521r1)
*
*
*
*
* -
*
* Other asymmetric elliptic curve key pairs
*
*
* -
*
* ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies.
*
*
*
*
* -
*
* SM2 key pairs (China Regions only)
*
*
* -
*
* SM2
*
*
*
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see KeySpec
*/
public CreateKeyRequest withKeySpec(String keySpec) {
setKeySpec(keySpec);
return this;
}
/**
*
* Specifies the type of KMS key to create. The default value, SYMMETRIC_DEFAULT, creates a KMS key
* with a 256-bit AES-GCM key that is used for encryption and decryption, except in China Regions, where it creates
* a 128-bit symmetric key that uses SM4 encryption. For help choosing a key spec for your KMS key, see Choosing a KMS key
* type in the Key Management Service Developer Guide .
*
*
* The KeySpec determines whether the KMS key contains a symmetric key or an asymmetric key pair. It
* also determines the cryptographic algorithms that the KMS key supports. You can't change the KeySpec
* after the KMS key is created. To further restrict the algorithms that can be used with the KMS key, use a
* condition key in its key policy or IAM policy. For more information, see kms:EncryptionAlgorithm, kms:MacAlgorithm or kms:Signing Algorithm in the Key Management Service Developer Guide .
*
*
*
* Amazon Web Services services that are
* integrated with KMS use symmetric encryption KMS keys to protect your data. These services do not support
* asymmetric KMS keys or HMAC KMS keys.
*
*
*
* KMS supports the following key specs for KMS keys:
*
*
* -
*
* Symmetric encryption key (default)
*
*
* -
*
* SYMMETRIC_DEFAULT
*
*
*
*
* -
*
* HMAC keys (symmetric)
*
*
* -
*
* HMAC_224
*
*
* -
*
* HMAC_256
*
*
* -
*
* HMAC_384
*
*
* -
*
* HMAC_512
*
*
*
*
* -
*
* Asymmetric RSA key pairs
*
*
* -
*
* RSA_2048
*
*
* -
*
* RSA_3072
*
*
* -
*
* RSA_4096
*
*
*
*
* -
*
* Asymmetric NIST-recommended elliptic curve key pairs
*
*
* -
*
* ECC_NIST_P256 (secp256r1)
*
*
* -
*
* ECC_NIST_P384 (secp384r1)
*
*
* -
*
* ECC_NIST_P521 (secp521r1)
*
*
*
*
* -
*
* Other asymmetric elliptic curve key pairs
*
*
* -
*
* ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies.
*
*
*
*
* -
*
* SM2 key pairs (China Regions only)
*
*
* -
*
* SM2
*
*
*
*
*
*
* @param keySpec
* Specifies the type of KMS key to create. The default value, SYMMETRIC_DEFAULT, creates a KMS
* key with a 256-bit AES-GCM key that is used for encryption and decryption, except in China Regions, where
* it creates a 128-bit symmetric key that uses SM4 encryption. For help choosing a key spec for your KMS
* key, see Choosing a
* KMS key type in the Key Management Service Developer Guide .
*
* The KeySpec determines whether the KMS key contains a symmetric key or an asymmetric key
* pair. It also determines the cryptographic algorithms that the KMS key supports. You can't change the
* KeySpec after the KMS key is created. To further restrict the algorithms that can be used
* with the KMS key, use a condition key in its key policy or IAM policy. For more information, see kms:EncryptionAlgorithm, kms:MacAlgorithm or kms:Signing Algorithm in the Key Management Service Developer Guide .
*
*
*
* Amazon Web Services services that
* are integrated with KMS use symmetric encryption KMS keys to protect your data. These services do not
* support asymmetric KMS keys or HMAC KMS keys.
*
*
*
* KMS supports the following key specs for KMS keys:
*
*
* -
*
* Symmetric encryption key (default)
*
*
* -
*
* SYMMETRIC_DEFAULT
*
*
*
*
* -
*
* HMAC keys (symmetric)
*
*
* -
*
* HMAC_224
*
*
* -
*
* HMAC_256
*
*
* -
*
* HMAC_384
*
*
* -
*
* HMAC_512
*
*
*
*
* -
*
* Asymmetric RSA key pairs
*
*
* -
*
* RSA_2048
*
*
* -
*
* RSA_3072
*
*
* -
*
* RSA_4096
*
*
*
*
* -
*
* Asymmetric NIST-recommended elliptic curve key pairs
*
*
* -
*
* ECC_NIST_P256 (secp256r1)
*
*
* -
*
* ECC_NIST_P384 (secp384r1)
*
*
* -
*
* ECC_NIST_P521 (secp521r1)
*
*
*
*
* -
*
* Other asymmetric elliptic curve key pairs
*
*
* -
*
* ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies.
*
*
*
*
* -
*
* SM2 key pairs (China Regions only)
*
*
* -
*
* SM2
*
*
*
*
* @see KeySpec
*/
public void setKeySpec(KeySpec keySpec) {
withKeySpec(keySpec);
}
/**
*
* Specifies the type of KMS key to create. The default value, SYMMETRIC_DEFAULT, creates a KMS key
* with a 256-bit AES-GCM key that is used for encryption and decryption, except in China Regions, where it creates
* a 128-bit symmetric key that uses SM4 encryption. For help choosing a key spec for your KMS key, see Choosing a KMS key
* type in the Key Management Service Developer Guide .
*
*
* The KeySpec determines whether the KMS key contains a symmetric key or an asymmetric key pair. It
* also determines the cryptographic algorithms that the KMS key supports. You can't change the KeySpec
* after the KMS key is created. To further restrict the algorithms that can be used with the KMS key, use a
* condition key in its key policy or IAM policy. For more information, see kms:EncryptionAlgorithm, kms:MacAlgorithm or kms:Signing Algorithm in the Key Management Service Developer Guide .
*
*
*
* Amazon Web Services services that are
* integrated with KMS use symmetric encryption KMS keys to protect your data. These services do not support
* asymmetric KMS keys or HMAC KMS keys.
*
*
*
* KMS supports the following key specs for KMS keys:
*
*
* -
*
* Symmetric encryption key (default)
*
*
* -
*
* SYMMETRIC_DEFAULT
*
*
*
*
* -
*
* HMAC keys (symmetric)
*
*
* -
*
* HMAC_224
*
*
* -
*
* HMAC_256
*
*
* -
*
* HMAC_384
*
*
* -
*
* HMAC_512
*
*
*
*
* -
*
* Asymmetric RSA key pairs
*
*
* -
*
* RSA_2048
*
*
* -
*
* RSA_3072
*
*
* -
*
* RSA_4096
*
*
*
*
* -
*
* Asymmetric NIST-recommended elliptic curve key pairs
*
*
* -
*
* ECC_NIST_P256 (secp256r1)
*
*
* -
*
* ECC_NIST_P384 (secp384r1)
*
*
* -
*
* ECC_NIST_P521 (secp521r1)
*
*
*
*
* -
*
* Other asymmetric elliptic curve key pairs
*
*
* -
*
* ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies.
*
*
*
*
* -
*
* SM2 key pairs (China Regions only)
*
*
* -
*
* SM2
*
*
*
*
*
*
* @param keySpec
* Specifies the type of KMS key to create. The default value, SYMMETRIC_DEFAULT, creates a KMS
* key with a 256-bit AES-GCM key that is used for encryption and decryption, except in China Regions, where
* it creates a 128-bit symmetric key that uses SM4 encryption. For help choosing a key spec for your KMS
* key, see Choosing a
* KMS key type in the Key Management Service Developer Guide .
*
* The KeySpec determines whether the KMS key contains a symmetric key or an asymmetric key
* pair. It also determines the cryptographic algorithms that the KMS key supports. You can't change the
* KeySpec after the KMS key is created. To further restrict the algorithms that can be used
* with the KMS key, use a condition key in its key policy or IAM policy. For more information, see kms:EncryptionAlgorithm, kms:MacAlgorithm or kms:Signing Algorithm in the Key Management Service Developer Guide .
*
*
*
* Amazon Web Services services that
* are integrated with KMS use symmetric encryption KMS keys to protect your data. These services do not
* support asymmetric KMS keys or HMAC KMS keys.
*
*
*
* KMS supports the following key specs for KMS keys:
*
*
* -
*
* Symmetric encryption key (default)
*
*
* -
*
* SYMMETRIC_DEFAULT
*
*
*
*
* -
*
* HMAC keys (symmetric)
*
*
* -
*
* HMAC_224
*
*
* -
*
* HMAC_256
*
*
* -
*
* HMAC_384
*
*
* -
*
* HMAC_512
*
*
*
*
* -
*
* Asymmetric RSA key pairs
*
*
* -
*
* RSA_2048
*
*
* -
*
* RSA_3072
*
*
* -
*
* RSA_4096
*
*
*
*
* -
*
* Asymmetric NIST-recommended elliptic curve key pairs
*
*
* -
*
* ECC_NIST_P256 (secp256r1)
*
*
* -
*
* ECC_NIST_P384 (secp384r1)
*
*
* -
*
* ECC_NIST_P521 (secp521r1)
*
*
*
*
* -
*
* Other asymmetric elliptic curve key pairs
*
*
* -
*
* ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies.
*
*
*
*
* -
*
* SM2 key pairs (China Regions only)
*
*
* -
*
* SM2
*
*
*
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see KeySpec
*/
public CreateKeyRequest withKeySpec(KeySpec keySpec) {
this.keySpec = keySpec.toString();
return this;
}
/**
*
* The source of the key material for the KMS key. You cannot change the origin after you create the KMS key. The
* default is AWS_KMS, which means that KMS creates the key material.
*
*
* To create a KMS key with no key material (for imported key material), set the value to EXTERNAL. For
* more information about importing key material into KMS, see Importing Key Material in
* the Key Management Service Developer Guide. This value is valid only for symmetric encryption KMS keys.
*
*
* To create a KMS key in an KMS custom key store
* and create its key material in the associated CloudHSM cluster, set this value to AWS_CLOUDHSM. You
* must also use the CustomKeyStoreId parameter to identify the custom key store. This value is valid
* only for symmetric encryption KMS keys.
*
*
* @param origin
* The source of the key material for the KMS key. You cannot change the origin after you create the KMS key.
* The default is AWS_KMS, which means that KMS creates the key material.
*
* To create a KMS key with no key material (for imported key material), set the value to
* EXTERNAL. For more information about importing key material into KMS, see Importing Key
* Material in the Key Management Service Developer Guide. This value is valid only for symmetric
* encryption KMS keys.
*
*
* To create a KMS key in an KMS custom key
* store and create its key material in the associated CloudHSM cluster, set this value to
* AWS_CLOUDHSM. You must also use the CustomKeyStoreId parameter to identify the
* custom key store. This value is valid only for symmetric encryption KMS keys.
* @see OriginType
*/
public void setOrigin(String origin) {
this.origin = origin;
}
/**
*
* The source of the key material for the KMS key. You cannot change the origin after you create the KMS key. The
* default is AWS_KMS, which means that KMS creates the key material.
*
*
* To create a KMS key with no key material (for imported key material), set the value to EXTERNAL. For
* more information about importing key material into KMS, see Importing Key Material in
* the Key Management Service Developer Guide. This value is valid only for symmetric encryption KMS keys.
*
*
* To create a KMS key in an KMS custom key store
* and create its key material in the associated CloudHSM cluster, set this value to AWS_CLOUDHSM. You
* must also use the CustomKeyStoreId parameter to identify the custom key store. This value is valid
* only for symmetric encryption KMS keys.
*
*
* @return The source of the key material for the KMS key. You cannot change the origin after you create the KMS
* key. The default is AWS_KMS, which means that KMS creates the key material.
*
* To create a KMS key with no key material (for imported key material), set the value to
* EXTERNAL. For more information about importing key material into KMS, see Importing Key
* Material in the Key Management Service Developer Guide. This value is valid only for symmetric
* encryption KMS keys.
*
*
* To create a KMS key in an KMS custom key
* store and create its key material in the associated CloudHSM cluster, set this value to
* AWS_CLOUDHSM. You must also use the CustomKeyStoreId parameter to identify the
* custom key store. This value is valid only for symmetric encryption KMS keys.
* @see OriginType
*/
public String getOrigin() {
return this.origin;
}
/**
*
* The source of the key material for the KMS key. You cannot change the origin after you create the KMS key. The
* default is AWS_KMS, which means that KMS creates the key material.
*
*
* To create a KMS key with no key material (for imported key material), set the value to EXTERNAL. For
* more information about importing key material into KMS, see Importing Key Material in
* the Key Management Service Developer Guide. This value is valid only for symmetric encryption KMS keys.
*
*
* To create a KMS key in an KMS custom key store
* and create its key material in the associated CloudHSM cluster, set this value to AWS_CLOUDHSM. You
* must also use the CustomKeyStoreId parameter to identify the custom key store. This value is valid
* only for symmetric encryption KMS keys.
*
*
* @param origin
* The source of the key material for the KMS key. You cannot change the origin after you create the KMS key.
* The default is AWS_KMS, which means that KMS creates the key material.
*
* To create a KMS key with no key material (for imported key material), set the value to
* EXTERNAL. For more information about importing key material into KMS, see Importing Key
* Material in the Key Management Service Developer Guide. This value is valid only for symmetric
* encryption KMS keys.
*
*
* To create a KMS key in an KMS custom key
* store and create its key material in the associated CloudHSM cluster, set this value to
* AWS_CLOUDHSM. You must also use the CustomKeyStoreId parameter to identify the
* custom key store. This value is valid only for symmetric encryption KMS keys.
* @return Returns a reference to this object so that method calls can be chained together.
* @see OriginType
*/
public CreateKeyRequest withOrigin(String origin) {
setOrigin(origin);
return this;
}
/**
*
* The source of the key material for the KMS key. You cannot change the origin after you create the KMS key. The
* default is AWS_KMS, which means that KMS creates the key material.
*
*
* To create a KMS key with no key material (for imported key material), set the value to EXTERNAL. For
* more information about importing key material into KMS, see Importing Key Material in
* the Key Management Service Developer Guide. This value is valid only for symmetric encryption KMS keys.
*
*
* To create a KMS key in an KMS custom key store
* and create its key material in the associated CloudHSM cluster, set this value to AWS_CLOUDHSM. You
* must also use the CustomKeyStoreId parameter to identify the custom key store. This value is valid
* only for symmetric encryption KMS keys.
*
*
* @param origin
* The source of the key material for the KMS key. You cannot change the origin after you create the KMS key.
* The default is AWS_KMS, which means that KMS creates the key material.
*
* To create a KMS key with no key material (for imported key material), set the value to
* EXTERNAL. For more information about importing key material into KMS, see Importing Key
* Material in the Key Management Service Developer Guide. This value is valid only for symmetric
* encryption KMS keys.
*
*
* To create a KMS key in an KMS custom key
* store and create its key material in the associated CloudHSM cluster, set this value to
* AWS_CLOUDHSM. You must also use the CustomKeyStoreId parameter to identify the
* custom key store. This value is valid only for symmetric encryption KMS keys.
* @see OriginType
*/
public void setOrigin(OriginType origin) {
withOrigin(origin);
}
/**
*
* The source of the key material for the KMS key. You cannot change the origin after you create the KMS key. The
* default is AWS_KMS, which means that KMS creates the key material.
*
*
* To create a KMS key with no key material (for imported key material), set the value to EXTERNAL. For
* more information about importing key material into KMS, see Importing Key Material in
* the Key Management Service Developer Guide. This value is valid only for symmetric encryption KMS keys.
*
*
* To create a KMS key in an KMS custom key store
* and create its key material in the associated CloudHSM cluster, set this value to AWS_CLOUDHSM. You
* must also use the CustomKeyStoreId parameter to identify the custom key store. This value is valid
* only for symmetric encryption KMS keys.
*
*
* @param origin
* The source of the key material for the KMS key. You cannot change the origin after you create the KMS key.
* The default is AWS_KMS, which means that KMS creates the key material.
*
* To create a KMS key with no key material (for imported key material), set the value to
* EXTERNAL. For more information about importing key material into KMS, see Importing Key
* Material in the Key Management Service Developer Guide. This value is valid only for symmetric
* encryption KMS keys.
*
*
* To create a KMS key in an KMS custom key
* store and create its key material in the associated CloudHSM cluster, set this value to
* AWS_CLOUDHSM. You must also use the CustomKeyStoreId parameter to identify the
* custom key store. This value is valid only for symmetric encryption KMS keys.
* @return Returns a reference to this object so that method calls can be chained together.
* @see OriginType
*/
public CreateKeyRequest withOrigin(OriginType origin) {
this.origin = origin.toString();
return this;
}
/**
*
* Creates the KMS key in the specified custom key store
* and the key material in its associated CloudHSM cluster. To create a KMS key in a custom key store, you must also
* specify the Origin parameter with a value of AWS_CLOUDHSM. The CloudHSM cluster that is
* associated with the custom key store must have at least two active HSMs, each in a different Availability Zone in
* the Region.
*
*
* This parameter is valid only for symmetric encryption KMS keys in a single Region. You cannot create any other
* type of KMS key in a custom key store.
*
*
* To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
*
*
* The response includes the custom key store ID and the ID of the CloudHSM cluster.
*
*
* This operation is part of the custom key store
* feature feature in KMS, which combines the convenience and extensive integration of KMS with the isolation
* and control of a single-tenant key store.
*
*
* @param customKeyStoreId
* Creates the KMS key in the specified custom key
* store and the key material in its associated CloudHSM cluster. To create a KMS key in a custom key
* store, you must also specify the Origin parameter with a value of AWS_CLOUDHSM.
* The CloudHSM cluster that is associated with the custom key store must have at least two active HSMs, each
* in a different Availability Zone in the Region.
*
* This parameter is valid only for symmetric encryption KMS keys in a single Region. You cannot create any
* other type of KMS key in a custom key store.
*
*
* To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
*
*
* The response includes the custom key store ID and the ID of the CloudHSM cluster.
*
*
* This operation is part of the custom key
* store feature feature in KMS, which combines the convenience and extensive integration of KMS with the
* isolation and control of a single-tenant key store.
*/
public void setCustomKeyStoreId(String customKeyStoreId) {
this.customKeyStoreId = customKeyStoreId;
}
/**
*
* Creates the KMS key in the specified custom key store
* and the key material in its associated CloudHSM cluster. To create a KMS key in a custom key store, you must also
* specify the Origin parameter with a value of AWS_CLOUDHSM. The CloudHSM cluster that is
* associated with the custom key store must have at least two active HSMs, each in a different Availability Zone in
* the Region.
*
*
* This parameter is valid only for symmetric encryption KMS keys in a single Region. You cannot create any other
* type of KMS key in a custom key store.
*
*
* To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
*
*
* The response includes the custom key store ID and the ID of the CloudHSM cluster.
*
*
* This operation is part of the custom key store
* feature feature in KMS, which combines the convenience and extensive integration of KMS with the isolation
* and control of a single-tenant key store.
*
*
* @return Creates the KMS key in the specified custom key
* store and the key material in its associated CloudHSM cluster. To create a KMS key in a custom key
* store, you must also specify the Origin parameter with a value of AWS_CLOUDHSM.
* The CloudHSM cluster that is associated with the custom key store must have at least two active HSMs,
* each in a different Availability Zone in the Region.
*
* This parameter is valid only for symmetric encryption KMS keys in a single Region. You cannot create any
* other type of KMS key in a custom key store.
*
*
* To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
*
*
* The response includes the custom key store ID and the ID of the CloudHSM cluster.
*
*
* This operation is part of the custom key
* store feature feature in KMS, which combines the convenience and extensive integration of KMS with
* the isolation and control of a single-tenant key store.
*/
public String getCustomKeyStoreId() {
return this.customKeyStoreId;
}
/**
*
* Creates the KMS key in the specified custom key store
* and the key material in its associated CloudHSM cluster. To create a KMS key in a custom key store, you must also
* specify the Origin parameter with a value of AWS_CLOUDHSM. The CloudHSM cluster that is
* associated with the custom key store must have at least two active HSMs, each in a different Availability Zone in
* the Region.
*
*
* This parameter is valid only for symmetric encryption KMS keys in a single Region. You cannot create any other
* type of KMS key in a custom key store.
*
*
* To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
*
*
* The response includes the custom key store ID and the ID of the CloudHSM cluster.
*
*
* This operation is part of the custom key store
* feature feature in KMS, which combines the convenience and extensive integration of KMS with the isolation
* and control of a single-tenant key store.
*
*
* @param customKeyStoreId
* Creates the KMS key in the specified custom key
* store and the key material in its associated CloudHSM cluster. To create a KMS key in a custom key
* store, you must also specify the Origin parameter with a value of AWS_CLOUDHSM.
* The CloudHSM cluster that is associated with the custom key store must have at least two active HSMs, each
* in a different Availability Zone in the Region.
*
* This parameter is valid only for symmetric encryption KMS keys in a single Region. You cannot create any
* other type of KMS key in a custom key store.
*
*
* To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
*
*
* The response includes the custom key store ID and the ID of the CloudHSM cluster.
*
*
* This operation is part of the custom key
* store feature feature in KMS, which combines the convenience and extensive integration of KMS with the
* isolation and control of a single-tenant key store.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public CreateKeyRequest withCustomKeyStoreId(String customKeyStoreId) {
setCustomKeyStoreId(customKeyStoreId);
return this;
}
/**
*
* A flag to indicate whether to bypass the key policy lockout safety check.
*
*
*
* Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to
* true indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the Key Management Service Developer Guide .
*
*
*
* Use this parameter only when you include a policy in the request and you intend to prevent the principal that is
* making the request from making a subsequent PutKeyPolicy request on the KMS key.
*
*
* The default value is false.
*
*
* @param bypassPolicyLockoutSafetyCheck
* A flag to indicate whether to bypass the key policy lockout safety check.
*
* Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value
* to true indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the Key Management Service Developer Guide .
*
*
*
* Use this parameter only when you include a policy in the request and you intend to prevent the principal
* that is making the request from making a subsequent PutKeyPolicy request on the KMS key.
*
*
* The default value is false.
*/
public void setBypassPolicyLockoutSafetyCheck(Boolean bypassPolicyLockoutSafetyCheck) {
this.bypassPolicyLockoutSafetyCheck = bypassPolicyLockoutSafetyCheck;
}
/**
*
* A flag to indicate whether to bypass the key policy lockout safety check.
*
*
*
* Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to
* true indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the Key Management Service Developer Guide .
*
*
*
* Use this parameter only when you include a policy in the request and you intend to prevent the principal that is
* making the request from making a subsequent PutKeyPolicy request on the KMS key.
*
*
* The default value is false.
*
*
* @return A flag to indicate whether to bypass the key policy lockout safety check.
*
* Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this
* value to true indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the Key Management Service Developer Guide .
*
*
*
* Use this parameter only when you include a policy in the request and you intend to prevent the principal
* that is making the request from making a subsequent PutKeyPolicy request on the KMS key.
*
*
* The default value is false.
*/
public Boolean getBypassPolicyLockoutSafetyCheck() {
return this.bypassPolicyLockoutSafetyCheck;
}
/**
*
* A flag to indicate whether to bypass the key policy lockout safety check.
*
*
*
* Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to
* true indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the Key Management Service Developer Guide .
*
*
*
* Use this parameter only when you include a policy in the request and you intend to prevent the principal that is
* making the request from making a subsequent PutKeyPolicy request on the KMS key.
*
*
* The default value is false.
*
*
* @param bypassPolicyLockoutSafetyCheck
* A flag to indicate whether to bypass the key policy lockout safety check.
*
* Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value
* to true indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the Key Management Service Developer Guide .
*
*
*
* Use this parameter only when you include a policy in the request and you intend to prevent the principal
* that is making the request from making a subsequent PutKeyPolicy request on the KMS key.
*
*
* The default value is false.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public CreateKeyRequest withBypassPolicyLockoutSafetyCheck(Boolean bypassPolicyLockoutSafetyCheck) {
setBypassPolicyLockoutSafetyCheck(bypassPolicyLockoutSafetyCheck);
return this;
}
/**
*
* A flag to indicate whether to bypass the key policy lockout safety check.
*
*
*
* Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to
* true indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the Key Management Service Developer Guide .
*
*
*
* Use this parameter only when you include a policy in the request and you intend to prevent the principal that is
* making the request from making a subsequent PutKeyPolicy request on the KMS key.
*
*
* The default value is false.
*
*
* @return A flag to indicate whether to bypass the key policy lockout safety check.
*
* Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this
* value to true indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the Key Management Service Developer Guide .
*
*
*
* Use this parameter only when you include a policy in the request and you intend to prevent the principal
* that is making the request from making a subsequent PutKeyPolicy request on the KMS key.
*
*
* The default value is false.
*/
public Boolean isBypassPolicyLockoutSafetyCheck() {
return this.bypassPolicyLockoutSafetyCheck;
}
/**
*
* Assigns one or more tags to the KMS key. Use this parameter to tag the KMS key when it is created. To tag an
* existing KMS key, use the TagResource operation.
*
*
*
* Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC in KMS in the Key Management
* Service Developer Guide.
*
*
*
* To use this parameter, you must have kms:TagResource permission in an IAM policy.
*
*
* Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag
* value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag key. If you
* specify an existing tag key with a different tag value, KMS replaces the current tag value with the specified
* one.
*
*
* When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation report with
* usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details, see Tagging Keys.
*
*
* @return Assigns one or more tags to the KMS key. Use this parameter to tag the KMS key when it is created. To tag
* an existing KMS key, use the TagResource operation.
*
* Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC in KMS in the Key
* Management Service Developer Guide.
*
*
*
* To use this parameter, you must have kms:TagResource permission in an IAM policy.
*
*
* Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the
* tag value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag
* key. If you specify an existing tag key with a different tag value, KMS replaces the current tag value
* with the specified one.
*
*
* When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation
* report with usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For
* details, see Tagging
* Keys.
*/
public java.util.List getTags() {
if (tags == null) {
tags = new com.amazonaws.internal.SdkInternalList();
}
return tags;
}
/**
*
* Assigns one or more tags to the KMS key. Use this parameter to tag the KMS key when it is created. To tag an
* existing KMS key, use the TagResource operation.
*
*
*
* Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC in KMS in the Key Management
* Service Developer Guide.
*
*
*
* To use this parameter, you must have kms:TagResource permission in an IAM policy.
*
*
* Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag
* value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag key. If you
* specify an existing tag key with a different tag value, KMS replaces the current tag value with the specified
* one.
*
*
* When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation report with
* usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details, see Tagging Keys.
*
*
* @param tags
* Assigns one or more tags to the KMS key. Use this parameter to tag the KMS key when it is created. To tag
* an existing KMS key, use the TagResource operation.
*
* Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC in KMS in the Key
* Management Service Developer Guide.
*
*
*
* To use this parameter, you must have kms:TagResource permission in an IAM policy.
*
*
* Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the
* tag value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag
* key. If you specify an existing tag key with a different tag value, KMS replaces the current tag value
* with the specified one.
*
*
* When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation
* report with usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For
* details, see Tagging
* Keys.
*/
public void setTags(java.util.Collection tags) {
if (tags == null) {
this.tags = null;
return;
}
this.tags = new com.amazonaws.internal.SdkInternalList(tags);
}
/**
*
* Assigns one or more tags to the KMS key. Use this parameter to tag the KMS key when it is created. To tag an
* existing KMS key, use the TagResource operation.
*
*
*
* Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC in KMS in the Key Management
* Service Developer Guide.
*
*
*
* To use this parameter, you must have kms:TagResource permission in an IAM policy.
*
*
* Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag
* value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag key. If you
* specify an existing tag key with a different tag value, KMS replaces the current tag value with the specified
* one.
*
*
* When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation report with
* usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details, see Tagging Keys.
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setTags(java.util.Collection)} or {@link #withTags(java.util.Collection)} if you want to override the
* existing values.
*
*
* @param tags
* Assigns one or more tags to the KMS key. Use this parameter to tag the KMS key when it is created. To tag
* an existing KMS key, use the TagResource operation.
*
* Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC in KMS in the Key
* Management Service Developer Guide.
*
*
*
* To use this parameter, you must have kms:TagResource permission in an IAM policy.
*
*
* Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the
* tag value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag
* key. If you specify an existing tag key with a different tag value, KMS replaces the current tag value
* with the specified one.
*
*
* When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation
* report with usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For
* details, see Tagging
* Keys.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public CreateKeyRequest withTags(Tag... tags) {
if (this.tags == null) {
setTags(new com.amazonaws.internal.SdkInternalList(tags.length));
}
for (Tag ele : tags) {
this.tags.add(ele);
}
return this;
}
/**
*
* Assigns one or more tags to the KMS key. Use this parameter to tag the KMS key when it is created. To tag an
* existing KMS key, use the TagResource operation.
*
*
*
* Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC in KMS in the Key Management
* Service Developer Guide.
*
*
*
* To use this parameter, you must have kms:TagResource permission in an IAM policy.
*
*
* Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag
* value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag key. If you
* specify an existing tag key with a different tag value, KMS replaces the current tag value with the specified
* one.
*
*
* When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation report with
* usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details, see Tagging Keys.
*
*
* @param tags
* Assigns one or more tags to the KMS key. Use this parameter to tag the KMS key when it is created. To tag
* an existing KMS key, use the TagResource operation.
*
* Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC in KMS in the Key
* Management Service Developer Guide.
*
*
*
* To use this parameter, you must have kms:TagResource permission in an IAM policy.
*
*
* Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the
* tag value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag
* key. If you specify an existing tag key with a different tag value, KMS replaces the current tag value
* with the specified one.
*
*
* When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation
* report with usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For
* details, see Tagging
* Keys.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public CreateKeyRequest withTags(java.util.Collection tags) {
setTags(tags);
return this;
}
/**
*
* Creates a multi-Region primary key that you can replicate into other Amazon Web Services Regions. You cannot
* change this value after you create the KMS key.
*
*
* For a multi-Region key, set this parameter to True. For a single-Region KMS key, omit this parameter
* or set it to False. The default value is False.
*
*
* This operation supports multi-Region keys, an KMS feature that lets you create multiple interoperable KMS
* keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key material, and
* other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt it
* in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more
* information about multi-Region keys, see Multi-Region keys in
* KMS in the Key Management Service Developer Guide.
*
*
* This value creates a primary key, not a replica. To create a replica key, use the
* ReplicateKey operation.
*
*
* You can create a multi-Region version of a symmetric encryption KMS key, an HMAC KMS key, an asymmetric KMS key,
* or a KMS key with imported key material. However, you cannot create a multi-Region key in a custom key store.
*
*
* @param multiRegion
* Creates a multi-Region primary key that you can replicate into other Amazon Web Services Regions. You
* cannot change this value after you create the KMS key.
*
* For a multi-Region key, set this parameter to True. For a single-Region KMS key, omit this
* parameter or set it to False. The default value is False.
*
*
* This operation supports multi-Region keys, an KMS feature that lets you create multiple
* interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key
* ID, key material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web
* Services Region and decrypt it in a different Amazon Web Services Region without re-encrypting the data or
* making a cross-Region call. For more information about multi-Region keys, see Multi-Region
* keys in KMS in the Key Management Service Developer Guide.
*
*
* This value creates a primary key, not a replica. To create a replica key, use the
* ReplicateKey operation.
*
*
* You can create a multi-Region version of a symmetric encryption KMS key, an HMAC KMS key, an asymmetric
* KMS key, or a KMS key with imported key material. However, you cannot create a multi-Region key in a
* custom key store.
*/
public void setMultiRegion(Boolean multiRegion) {
this.multiRegion = multiRegion;
}
/**
*
* Creates a multi-Region primary key that you can replicate into other Amazon Web Services Regions. You cannot
* change this value after you create the KMS key.
*
*
* For a multi-Region key, set this parameter to True. For a single-Region KMS key, omit this parameter
* or set it to False. The default value is False.
*
*
* This operation supports multi-Region keys, an KMS feature that lets you create multiple interoperable KMS
* keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key material, and
* other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt it
* in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more
* information about multi-Region keys, see Multi-Region keys in
* KMS in the Key Management Service Developer Guide.
*
*
* This value creates a primary key, not a replica. To create a replica key, use the
* ReplicateKey operation.
*
*
* You can create a multi-Region version of a symmetric encryption KMS key, an HMAC KMS key, an asymmetric KMS key,
* or a KMS key with imported key material. However, you cannot create a multi-Region key in a custom key store.
*
*
* @return Creates a multi-Region primary key that you can replicate into other Amazon Web Services Regions. You
* cannot change this value after you create the KMS key.
*
* For a multi-Region key, set this parameter to True. For a single-Region KMS key, omit this
* parameter or set it to False. The default value is False.
*
*
* This operation supports multi-Region keys, an KMS feature that lets you create multiple
* interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key
* ID, key material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web
* Services Region and decrypt it in a different Amazon Web Services Region without re-encrypting the data
* or making a cross-Region call. For more information about multi-Region keys, see Multi-Region
* keys in KMS in the Key Management Service Developer Guide.
*
*
* This value creates a primary key, not a replica. To create a replica key, use the
* ReplicateKey operation.
*
*
* You can create a multi-Region version of a symmetric encryption KMS key, an HMAC KMS key, an asymmetric
* KMS key, or a KMS key with imported key material. However, you cannot create a multi-Region key in a
* custom key store.
*/
public Boolean getMultiRegion() {
return this.multiRegion;
}
/**
*
* Creates a multi-Region primary key that you can replicate into other Amazon Web Services Regions. You cannot
* change this value after you create the KMS key.
*
*
* For a multi-Region key, set this parameter to True. For a single-Region KMS key, omit this parameter
* or set it to False. The default value is False.
*
*
* This operation supports multi-Region keys, an KMS feature that lets you create multiple interoperable KMS
* keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key material, and
* other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt it
* in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more
* information about multi-Region keys, see Multi-Region keys in
* KMS in the Key Management Service Developer Guide.
*
*
* This value creates a primary key, not a replica. To create a replica key, use the
* ReplicateKey operation.
*
*
* You can create a multi-Region version of a symmetric encryption KMS key, an HMAC KMS key, an asymmetric KMS key,
* or a KMS key with imported key material. However, you cannot create a multi-Region key in a custom key store.
*
*
* @param multiRegion
* Creates a multi-Region primary key that you can replicate into other Amazon Web Services Regions. You
* cannot change this value after you create the KMS key.
*
* For a multi-Region key, set this parameter to True. For a single-Region KMS key, omit this
* parameter or set it to False. The default value is False.
*
*
* This operation supports multi-Region keys, an KMS feature that lets you create multiple
* interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key
* ID, key material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web
* Services Region and decrypt it in a different Amazon Web Services Region without re-encrypting the data or
* making a cross-Region call. For more information about multi-Region keys, see Multi-Region
* keys in KMS in the Key Management Service Developer Guide.
*
*
* This value creates a primary key, not a replica. To create a replica key, use the
* ReplicateKey operation.
*
*
* You can create a multi-Region version of a symmetric encryption KMS key, an HMAC KMS key, an asymmetric
* KMS key, or a KMS key with imported key material. However, you cannot create a multi-Region key in a
* custom key store.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public CreateKeyRequest withMultiRegion(Boolean multiRegion) {
setMultiRegion(multiRegion);
return this;
}
/**
*
* Creates a multi-Region primary key that you can replicate into other Amazon Web Services Regions. You cannot
* change this value after you create the KMS key.
*
*
* For a multi-Region key, set this parameter to True. For a single-Region KMS key, omit this parameter
* or set it to False. The default value is False.
*
*
* This operation supports multi-Region keys, an KMS feature that lets you create multiple interoperable KMS
* keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key material, and
* other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt it
* in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more
* information about multi-Region keys, see Multi-Region keys in
* KMS in the Key Management Service Developer Guide.
*
*
* This value creates a primary key, not a replica. To create a replica key, use the
* ReplicateKey operation.
*
*
* You can create a multi-Region version of a symmetric encryption KMS key, an HMAC KMS key, an asymmetric KMS key,
* or a KMS key with imported key material. However, you cannot create a multi-Region key in a custom key store.
*
*
* @return Creates a multi-Region primary key that you can replicate into other Amazon Web Services Regions. You
* cannot change this value after you create the KMS key.
*
* For a multi-Region key, set this parameter to True. For a single-Region KMS key, omit this
* parameter or set it to False. The default value is False.
*
*
* This operation supports multi-Region keys, an KMS feature that lets you create multiple
* interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key
* ID, key material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web
* Services Region and decrypt it in a different Amazon Web Services Region without re-encrypting the data
* or making a cross-Region call. For more information about multi-Region keys, see Multi-Region
* keys in KMS in the Key Management Service Developer Guide.
*
*
* This value creates a primary key, not a replica. To create a replica key, use the
* ReplicateKey operation.
*
*
* You can create a multi-Region version of a symmetric encryption KMS key, an HMAC KMS key, an asymmetric
* KMS key, or a KMS key with imported key material. However, you cannot create a multi-Region key in a
* custom key store.
*/
public Boolean isMultiRegion() {
return this.multiRegion;
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*
* @return A string representation of this object.
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("{");
if (getPolicy() != null)
sb.append("Policy: ").append(getPolicy()).append(",");
if (getDescription() != null)
sb.append("Description: ").append(getDescription()).append(",");
if (getKeyUsage() != null)
sb.append("KeyUsage: ").append(getKeyUsage()).append(",");
if (getCustomerMasterKeySpec() != null)
sb.append("CustomerMasterKeySpec: ").append(getCustomerMasterKeySpec()).append(",");
if (getKeySpec() != null)
sb.append("KeySpec: ").append(getKeySpec()).append(",");
if (getOrigin() != null)
sb.append("Origin: ").append(getOrigin()).append(",");
if (getCustomKeyStoreId() != null)
sb.append("CustomKeyStoreId: ").append(getCustomKeyStoreId()).append(",");
if (getBypassPolicyLockoutSafetyCheck() != null)
sb.append("BypassPolicyLockoutSafetyCheck: ").append(getBypassPolicyLockoutSafetyCheck()).append(",");
if (getTags() != null)
sb.append("Tags: ").append(getTags()).append(",");
if (getMultiRegion() != null)
sb.append("MultiRegion: ").append(getMultiRegion());
sb.append("}");
return sb.toString();
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (obj instanceof CreateKeyRequest == false)
return false;
CreateKeyRequest other = (CreateKeyRequest) obj;
if (other.getPolicy() == null ^ this.getPolicy() == null)
return false;
if (other.getPolicy() != null && other.getPolicy().equals(this.getPolicy()) == false)
return false;
if (other.getDescription() == null ^ this.getDescription() == null)
return false;
if (other.getDescription() != null && other.getDescription().equals(this.getDescription()) == false)
return false;
if (other.getKeyUsage() == null ^ this.getKeyUsage() == null)
return false;
if (other.getKeyUsage() != null && other.getKeyUsage().equals(this.getKeyUsage()) == false)
return false;
if (other.getCustomerMasterKeySpec() == null ^ this.getCustomerMasterKeySpec() == null)
return false;
if (other.getCustomerMasterKeySpec() != null && other.getCustomerMasterKeySpec().equals(this.getCustomerMasterKeySpec()) == false)
return false;
if (other.getKeySpec() == null ^ this.getKeySpec() == null)
return false;
if (other.getKeySpec() != null && other.getKeySpec().equals(this.getKeySpec()) == false)
return false;
if (other.getOrigin() == null ^ this.getOrigin() == null)
return false;
if (other.getOrigin() != null && other.getOrigin().equals(this.getOrigin()) == false)
return false;
if (other.getCustomKeyStoreId() == null ^ this.getCustomKeyStoreId() == null)
return false;
if (other.getCustomKeyStoreId() != null && other.getCustomKeyStoreId().equals(this.getCustomKeyStoreId()) == false)
return false;
if (other.getBypassPolicyLockoutSafetyCheck() == null ^ this.getBypassPolicyLockoutSafetyCheck() == null)
return false;
if (other.getBypassPolicyLockoutSafetyCheck() != null
&& other.getBypassPolicyLockoutSafetyCheck().equals(this.getBypassPolicyLockoutSafetyCheck()) == false)
return false;
if (other.getTags() == null ^ this.getTags() == null)
return false;
if (other.getTags() != null && other.getTags().equals(this.getTags()) == false)
return false;
if (other.getMultiRegion() == null ^ this.getMultiRegion() == null)
return false;
if (other.getMultiRegion() != null && other.getMultiRegion().equals(this.getMultiRegion()) == false)
return false;
return true;
}
@Override
public int hashCode() {
final int prime = 31;
int hashCode = 1;
hashCode = prime * hashCode + ((getPolicy() == null) ? 0 : getPolicy().hashCode());
hashCode = prime * hashCode + ((getDescription() == null) ? 0 : getDescription().hashCode());
hashCode = prime * hashCode + ((getKeyUsage() == null) ? 0 : getKeyUsage().hashCode());
hashCode = prime * hashCode + ((getCustomerMasterKeySpec() == null) ? 0 : getCustomerMasterKeySpec().hashCode());
hashCode = prime * hashCode + ((getKeySpec() == null) ? 0 : getKeySpec().hashCode());
hashCode = prime * hashCode + ((getOrigin() == null) ? 0 : getOrigin().hashCode());
hashCode = prime * hashCode + ((getCustomKeyStoreId() == null) ? 0 : getCustomKeyStoreId().hashCode());
hashCode = prime * hashCode + ((getBypassPolicyLockoutSafetyCheck() == null) ? 0 : getBypassPolicyLockoutSafetyCheck().hashCode());
hashCode = prime * hashCode + ((getTags() == null) ? 0 : getTags().hashCode());
hashCode = prime * hashCode + ((getMultiRegion() == null) ? 0 : getMultiRegion().hashCode());
return hashCode;
}
@Override
public CreateKeyRequest clone() {
return (CreateKeyRequest) super.clone();
}
}