
software.amazon.awssdk.services.kms.model.CreateCustomKeyStoreRequest Maven / Gradle / Ivy


The AWS Java SDK for AWS KMS module holds the client classes that are used for communicating with AWS Key Management Service

/*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 * 
 * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
 * the License. A copy of the License is located at
 * 
 * http://aws.amazon.com/apache2.0
 * 
 * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
 * and limitations under the License.
 */

package software.amazon.awssdk.services.kms.model;

import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Function;
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration;
import software.amazon.awssdk.core.SdkField;
import software.amazon.awssdk.core.SdkPojo;
import software.amazon.awssdk.core.protocol.MarshallLocation;
import software.amazon.awssdk.core.protocol.MarshallingType;
import software.amazon.awssdk.core.traits.LocationTrait;
import software.amazon.awssdk.utils.ToString;
import software.amazon.awssdk.utils.builder.CopyableBuilder;
import software.amazon.awssdk.utils.builder.ToCopyableBuilder;

/**
 */
@Generated("software.amazon.awssdk:codegen")
public final class CreateCustomKeyStoreRequest extends KmsRequest implements
        ToCopyableBuilder {
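    // Marshalling descriptors. Each SdkField binds one request member to its wire name in the request payload,
    // to the getter on this class and to the setter on the Builder.

    private static final SdkField<String> CUSTOM_KEY_STORE_NAME_FIELD = SdkField.<String> builder(MarshallingType.STRING)
            .memberName("CustomKeyStoreName").getter(getter(CreateCustomKeyStoreRequest::customKeyStoreName))
            .setter(setter(Builder::customKeyStoreName))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("CustomKeyStoreName").build())
            .build();

    private static final SdkField<String> CLOUD_HSM_CLUSTER_ID_FIELD = SdkField.<String> builder(MarshallingType.STRING)
            .memberName("CloudHsmClusterId").getter(getter(CreateCustomKeyStoreRequest::cloudHsmClusterId))
            .setter(setter(Builder::cloudHsmClusterId))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("CloudHsmClusterId").build()).build();

    private static final SdkField<String> TRUST_ANCHOR_CERTIFICATE_FIELD = SdkField.<String> builder(MarshallingType.STRING)
            .memberName("TrustAnchorCertificate").getter(getter(CreateCustomKeyStoreRequest::trustAnchorCertificate))
            .setter(setter(Builder::trustAnchorCertificate))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("TrustAnchorCertificate").build())
            .build();

    // Secret member: marshalled as an ordinary STRING in the payload. toString() masks it, but the getter bound here
    // returns the real value to any code that walks sdkFields().
    private static final SdkField<String> KEY_STORE_PASSWORD_FIELD = SdkField.<String> builder(MarshallingType.STRING)
            .memberName("KeyStorePassword").getter(getter(CreateCustomKeyStoreRequest::keyStorePassword))
            .setter(setter(Builder::keyStorePassword))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("KeyStorePassword").build()).build();

    // Bound to the raw string form, so a value unknown to this SDK version is still marshalled unchanged.
    private static final SdkField<String> CUSTOM_KEY_STORE_TYPE_FIELD = SdkField.<String> builder(MarshallingType.STRING)
            .memberName("CustomKeyStoreType").getter(getter(CreateCustomKeyStoreRequest::customKeyStoreTypeAsString))
            .setter(setter(Builder::customKeyStoreType))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("CustomKeyStoreType").build())
            .build();

    private static final SdkField<String> XKS_PROXY_URI_ENDPOINT_FIELD = SdkField.<String> builder(MarshallingType.STRING)
            .memberName("XksProxyUriEndpoint").getter(getter(CreateCustomKeyStoreRequest::xksProxyUriEndpoint))
            .setter(setter(Builder::xksProxyUriEndpoint))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("XksProxyUriEndpoint").build())
            .build();

    private static final SdkField<String> XKS_PROXY_URI_PATH_FIELD = SdkField.<String> builder(MarshallingType.STRING)
            .memberName("XksProxyUriPath").getter(getter(CreateCustomKeyStoreRequest::xksProxyUriPath))
            .setter(setter(Builder::xksProxyUriPath))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("XksProxyUriPath").build()).build();

    private static final SdkField<String> XKS_PROXY_VPC_ENDPOINT_SERVICE_NAME_FIELD = SdkField
            .<String> builder(MarshallingType.STRING)
            .memberName("XksProxyVpcEndpointServiceName")
            .getter(getter(CreateCustomKeyStoreRequest::xksProxyVpcEndpointServiceName))
            .setter(setter(Builder::xksProxyVpcEndpointServiceName))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("XksProxyVpcEndpointServiceName")
                    .build()).build();

    // Nested credential object (SDK_POJO); its own members are described by XksProxyAuthenticationCredentialType.
    private static final SdkField<XksProxyAuthenticationCredentialType> XKS_PROXY_AUTHENTICATION_CREDENTIAL_FIELD = SdkField
            .<XksProxyAuthenticationCredentialType> builder(MarshallingType.SDK_POJO)
            .memberName("XksProxyAuthenticationCredential")
            .getter(getter(CreateCustomKeyStoreRequest::xksProxyAuthenticationCredential))
            .setter(setter(Builder::xksProxyAuthenticationCredential))
            .constructor(XksProxyAuthenticationCredentialType::builder)
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("XksProxyAuthenticationCredential")
                    .build()).build();

    // Bound to the raw string form, like CUSTOM_KEY_STORE_TYPE_FIELD.
    private static final SdkField<String> XKS_PROXY_CONNECTIVITY_FIELD = SdkField.<String> builder(MarshallingType.STRING)
            .memberName("XksProxyConnectivity").getter(getter(CreateCustomKeyStoreRequest::xksProxyConnectivityAsString))
            .setter(setter(Builder::xksProxyConnectivity))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("XksProxyConnectivity").build())
            .build();

    // Read-only list of every descriptor above, returned as-is by sdkFields().
    private static final List<SdkField<?>> SDK_FIELDS = Collections.unmodifiableList(Arrays.asList(CUSTOM_KEY_STORE_NAME_FIELD,
            CLOUD_HSM_CLUSTER_ID_FIELD, TRUST_ANCHOR_CERTIFICATE_FIELD, KEY_STORE_PASSWORD_FIELD, CUSTOM_KEY_STORE_TYPE_FIELD,
            XKS_PROXY_URI_ENDPOINT_FIELD, XKS_PROXY_URI_PATH_FIELD, XKS_PROXY_VPC_ENDPOINT_SERVICE_NAME_FIELD,
            XKS_PROXY_AUTHENTICATION_CREDENTIAL_FIELD, XKS_PROXY_CONNECTIVITY_FIELD));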

    // Immutable request state; every field is assigned exactly once, in the private constructor.

    // Friendly name. The API documentation warns it may be shown in plaintext in CloudTrail logs, so it must not
    // carry secrets.
    private final String customKeyStoreName;

    // CloudHSM cluster backing an AWS_CLOUDHSM key store.
    private final String cloudHsmClusterId;

    // Content of the cluster's trust anchor certificate (customerCA.crt).
    private final String trustAnchorCertificate;

    // Secret: password of the kmsuser crypto user. Held as a String, which cannot be wiped after use, so instances
    // of this request should be short-lived and kept out of logs and dumps.
    private final String keyStorePassword;

    // Raw wire value; customKeyStoreType() maps it to the CustomKeyStoreType enum.
    private final String customKeyStoreType;

    // External key store (XKS) proxy location: endpoint, API base path and, for VPC connectivity, the service name.
    private final String xksProxyUriEndpoint;

    private final String xksProxyUriPath;

    private final String xksProxyVpcEndpointServiceName;

    // Secret-bearing object: the credential KMS uses to sign requests to the XKS proxy.
    private final XksProxyAuthenticationCredentialType xksProxyAuthenticationCredential;

    // Raw wire value; xksProxyConnectivity() maps it to the XksProxyConnectivityType enum.
    private final String xksProxyConnectivity;

    /**
     * Creates the immutable request from a populated builder. Each value is copied exactly as the builder holds it;
     * this constructor adds no validation of its own.
     *
     * @param builder
     *        The builder whose current values become the state of this request.
     */
    private CreateCustomKeyStoreRequest(BuilderImpl builder) {
        super(builder);

        // Settings shared by every custom key store.
        this.customKeyStoreName = builder.customKeyStoreName;
        this.customKeyStoreType = builder.customKeyStoreType;

        // Settings for key stores backed by a CloudHSM cluster.
        this.cloudHsmClusterId = builder.cloudHsmClusterId;
        this.trustAnchorCertificate = builder.trustAnchorCertificate;
        this.keyStorePassword = builder.keyStorePassword;

        // Settings for external key stores reached through an XKS proxy.
        this.xksProxyConnectivity = builder.xksProxyConnectivity;
        this.xksProxyUriEndpoint = builder.xksProxyUriEndpoint;
        this.xksProxyUriPath = builder.xksProxyUriPath;
        this.xksProxyVpcEndpointServiceName = builder.xksProxyVpcEndpointServiceName;
        this.xksProxyAuthenticationCredential = builder.xksProxyAuthenticationCredential;
    }

    /**
     * 

* Specifies a friendly name for the custom key store. The name must be unique in your Amazon Web Services account * and Region. This parameter is required for all custom key stores. *

* *

* Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in * CloudTrail logs and other output. *

*
* * @return Specifies a friendly name for the custom key store. The name must be unique in your Amazon Web Services * account and Region. This parameter is required for all custom key stores.

*

* Do not include confidential or sensitive information in this field. This field may be displayed in * plaintext in CloudTrail logs and other output. *

*/ public final String customKeyStoreName() { return customKeyStoreName; } /** *

* Identifies the CloudHSM cluster for an CloudHSM key store. This parameter is required for custom key stores with * CustomKeyStoreType of AWS_CLOUDHSM. *

*

* Enter the cluster ID of any active CloudHSM cluster that is not already associated with a custom key store. To * find the cluster ID, use the DescribeClusters * operation. *

* * @return Identifies the CloudHSM cluster for an CloudHSM key store. This parameter is required for custom key * stores with CustomKeyStoreType of AWS_CLOUDHSM.

*

* Enter the cluster ID of any active CloudHSM cluster that is not already associated with a custom key * store. To find the cluster ID, use the DescribeClusters operation. */ public final String cloudHsmClusterId() { return cloudHsmClusterId; } /** *

* Specifies the certificate for an CloudHSM key store. This parameter is required for custom key stores with a * CustomKeyStoreType of AWS_CLOUDHSM. *

*

* Enter the content of the trust anchor certificate for the CloudHSM cluster. This is the content of the * customerCA.crt file that you created when you initialized the cluster. *

* * @return Specifies the certificate for an CloudHSM key store. This parameter is required for custom key stores * with a CustomKeyStoreType of AWS_CLOUDHSM.

*

* Enter the content of the trust anchor certificate for the CloudHSM cluster. This is the content of the * customerCA.crt file that you created when you initialized the * cluster. */ public final String trustAnchorCertificate() { return trustAnchorCertificate; } /** *

* Specifies the kmsuser password for an CloudHSM key store. This parameter is required for custom key * stores with a CustomKeyStoreType of AWS_CLOUDHSM. *

*

* Enter the password of the * kmsuser crypto user (CU) account in the specified CloudHSM cluster. KMS logs into the cluster as * this user to manage key material on your behalf. *

*

* The password must be a string of 7 to 32 characters. Its value is case sensitive. *

*

* This parameter tells KMS the kmsuser account password; it does not change the password in the * CloudHSM cluster. *

* * @return Specifies the kmsuser password for an CloudHSM key store. This parameter is required for * custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM.

*

* Enter the password of the * kmsuser crypto user (CU) account in the specified CloudHSM cluster. KMS logs into the * cluster as this user to manage key material on your behalf. *

*

* The password must be a string of 7 to 32 characters. Its value is case sensitive. *

*

* This parameter tells KMS the kmsuser account password; it does not change the password in * the CloudHSM cluster. */ public final String keyStorePassword() { return keyStorePassword; } /** *

* Specifies the type of custom key store. The default value is AWS_CLOUDHSM. *

*

* For a custom key store backed by an CloudHSM cluster, omit the parameter or enter AWS_CLOUDHSM. For * a custom key store backed by an external key manager outside of Amazon Web Services, enter * EXTERNAL_KEY_STORE. You cannot change this property after the key store is created. *

*

* If the service returns an enum value that is not available in the current SDK version, * {@link #customKeyStoreType} will return {@link CustomKeyStoreType#UNKNOWN_TO_SDK_VERSION}. The raw value returned * by the service is available from {@link #customKeyStoreTypeAsString}. *

* * @return Specifies the type of custom key store. The default value is AWS_CLOUDHSM.

*

* For a custom key store backed by an CloudHSM cluster, omit the parameter or enter * AWS_CLOUDHSM. For a custom key store backed by an external key manager outside of Amazon Web * Services, enter EXTERNAL_KEY_STORE. You cannot change this property after the key store is * created. * @see CustomKeyStoreType */ public final CustomKeyStoreType customKeyStoreType() { return CustomKeyStoreType.fromValue(customKeyStoreType); } /** *

* Specifies the type of custom key store. The default value is AWS_CLOUDHSM. *

*

* For a custom key store backed by an CloudHSM cluster, omit the parameter or enter AWS_CLOUDHSM. For * a custom key store backed by an external key manager outside of Amazon Web Services, enter * EXTERNAL_KEY_STORE. You cannot change this property after the key store is created. *

*

* If the service returns an enum value that is not available in the current SDK version, * {@link #customKeyStoreType} will return {@link CustomKeyStoreType#UNKNOWN_TO_SDK_VERSION}. The raw value returned * by the service is available from {@link #customKeyStoreTypeAsString}. *

* * @return Specifies the type of custom key store. The default value is AWS_CLOUDHSM.

*

* For a custom key store backed by an CloudHSM cluster, omit the parameter or enter * AWS_CLOUDHSM. For a custom key store backed by an external key manager outside of Amazon Web * Services, enter EXTERNAL_KEY_STORE. You cannot change this property after the key store is * created. * @see CustomKeyStoreType */ public final String customKeyStoreTypeAsString() { return customKeyStoreType; } /** *

* Specifies the endpoint that KMS uses to send requests to the external key store proxy (XKS proxy). This parameter * is required for custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE. *

*

* The protocol must be HTTPS. KMS communicates on port 443. Do not specify the port in the * XksProxyUriEndpoint value. *

*

* For external key stores with XksProxyConnectivity value of VPC_ENDPOINT_SERVICE, * specify https:// followed by the private DNS name of the VPC endpoint service. *

*

* For external key stores with PUBLIC_ENDPOINT connectivity, this endpoint must be reachable before * you create the custom key store. KMS connects to the external key store proxy while creating the custom key * store. For external key stores with VPC_ENDPOINT_SERVICE connectivity, KMS connects when you call * the ConnectCustomKeyStore operation. *

*

* The value of this parameter must begin with https://. The remainder can contain upper and lower case * letters (A-Z and a-z), numbers (0-9), dots (.), and hyphens (-). Additional slashes ( * / and \) are not permitted. *

*

* Uniqueness requirements: *

*
    *
  • *

    * The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique in the * Amazon Web Services account and Region. *

    *
  • *
  • *

    * An external key store with PUBLIC_ENDPOINT connectivity cannot use the same * XksProxyUriEndpoint value as an external key store with VPC_ENDPOINT_SERVICE * connectivity in this Amazon Web Services Region. *

    *
  • *
  • *

    * Each external key store with VPC_ENDPOINT_SERVICE connectivity must have its own private DNS name. * The XksProxyUriEndpoint value for external key stores with VPC_ENDPOINT_SERVICE * connectivity (private DNS name) must be unique in the Amazon Web Services account and Region. *

    *
  • *
* * @return Specifies the endpoint that KMS uses to send requests to the external key store proxy (XKS proxy). This * parameter is required for custom key stores with a CustomKeyStoreType of * EXTERNAL_KEY_STORE.

*

* The protocol must be HTTPS. KMS communicates on port 443. Do not specify the port in the * XksProxyUriEndpoint value. *

*

* For external key stores with XksProxyConnectivity value of VPC_ENDPOINT_SERVICE * , specify https:// followed by the private DNS name of the VPC endpoint service. *

*

* For external key stores with PUBLIC_ENDPOINT connectivity, this endpoint must be reachable * before you create the custom key store. KMS connects to the external key store proxy while creating the * custom key store. For external key stores with VPC_ENDPOINT_SERVICE connectivity, KMS * connects when you call the ConnectCustomKeyStore operation. *

*

* The value of this parameter must begin with https://. The remainder can contain upper and * lower case letters (A-Z and a-z), numbers (0-9), dots (.), and hyphens (-). * Additional slashes (/ and \) are not permitted. *

*

* Uniqueness requirements: *

*
    *
  • *

    * The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique in * the Amazon Web Services account and Region. *

    *
  • *
  • *

    * An external key store with PUBLIC_ENDPOINT connectivity cannot use the same * XksProxyUriEndpoint value as an external key store with VPC_ENDPOINT_SERVICE * connectivity in this Amazon Web Services Region. *

    *
  • *
  • *

    * Each external key store with VPC_ENDPOINT_SERVICE connectivity must have its own private DNS * name. The XksProxyUriEndpoint value for external key stores with * VPC_ENDPOINT_SERVICE connectivity (private DNS name) must be unique in the Amazon Web * Services account and Region. *

    *
  • */ public final String xksProxyUriEndpoint() { return xksProxyUriEndpoint; } /** *

    * Specifies the base path to the proxy APIs for this external key store. To find this value, see the documentation * for your external key store proxy. This parameter is required for all custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE. *

    *

    * The value must start with / and must end with /kms/xks/v1 where v1 * represents the version of the KMS external key store proxy API. This path can include an optional prefix between * the required elements such as /prefix/kms/xks/v1. *

    *

    * Uniqueness requirements: *

    *
      *
    • *

      * The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique in the * Amazon Web Services account and Region. *

      *
    • *
    * * @return Specifies the base path to the proxy APIs for this external key store. To find this value, see the * documentation for your external key store proxy. This parameter is required for all custom key stores * with a CustomKeyStoreType of EXTERNAL_KEY_STORE.

    *

    * The value must start with / and must end with /kms/xks/v1 where v1 * represents the version of the KMS external key store proxy API. This path can include an optional prefix * between the required elements such as /prefix/kms/xks/v1. *

    *

    * Uniqueness requirements: *

    *
      *
    • *

      * The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique in * the Amazon Web Services account and Region. *

      *
    • */ public final String xksProxyUriPath() { return xksProxyUriPath; } /** *

      * Specifies the name of the Amazon VPC endpoint service for interface endpoints that is used to communicate with * your external key store proxy (XKS proxy). This parameter is required when the value of * CustomKeyStoreType is EXTERNAL_KEY_STORE and the value of * XksProxyConnectivity is VPC_ENDPOINT_SERVICE. *

      *

      * The Amazon VPC endpoint service must fulfill * all requirements for use with an external key store. *

      *

      * Uniqueness requirements: *

      *
        *
      • *

        * External key stores with VPC_ENDPOINT_SERVICE connectivity can share an Amazon VPC, but each * external key store must have its own VPC endpoint service and private DNS name. *

        *
      • *
      * * @return Specifies the name of the Amazon VPC endpoint service for interface endpoints that is used to communicate * with your external key store proxy (XKS proxy). This parameter is required when the value of * CustomKeyStoreType is EXTERNAL_KEY_STORE and the value of * XksProxyConnectivity is VPC_ENDPOINT_SERVICE.

      *

      * The Amazon VPC endpoint service must fulfill all requirements for use with an external key store. *

      *

      * Uniqueness requirements: *

      *
        *
      • *

        * External key stores with VPC_ENDPOINT_SERVICE connectivity can share an Amazon VPC, but each * external key store must have its own VPC endpoint service and private DNS name. *

        *
      • */ public final String xksProxyVpcEndpointServiceName() { return xksProxyVpcEndpointServiceName; } /** *

        * Specifies an authentication credential for the external key store proxy (XKS proxy). This parameter is required * for all custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE. *

        *

        * The XksProxyAuthenticationCredential has two required elements: RawSecretAccessKey, a * secret key, and AccessKeyId, a unique identifier for the RawSecretAccessKey. For * character requirements, see * XksProxyAuthenticationCredentialType. *

        *

        * KMS uses this authentication credential to sign requests to the external key store proxy on your behalf. This * credential is unrelated to Identity and Access Management (IAM) and Amazon Web Services credentials. *

        *

        * This parameter doesn't set or change the authentication credentials on the XKS proxy. It just tells KMS the * credential that you established on your external key store proxy. If you rotate your proxy authentication * credential, use the UpdateCustomKeyStore operation to provide the new credential to KMS. *

        * * @return Specifies an authentication credential for the external key store proxy (XKS proxy). This parameter is * required for all custom key stores with a CustomKeyStoreType of * EXTERNAL_KEY_STORE.

        *

        * The XksProxyAuthenticationCredential has two required elements: * RawSecretAccessKey, a secret key, and AccessKeyId, a unique identifier for the * RawSecretAccessKey. For character requirements, see XksProxyAuthenticationCredentialType. *

        *

        * KMS uses this authentication credential to sign requests to the external key store proxy on your behalf. * This credential is unrelated to Identity and Access Management (IAM) and Amazon Web Services credentials. *

        *

        * This parameter doesn't set or change the authentication credentials on the XKS proxy. It just tells KMS * the credential that you established on your external key store proxy. If you rotate your proxy * authentication credential, use the UpdateCustomKeyStore operation to provide the new credential to * KMS. */ public final XksProxyAuthenticationCredentialType xksProxyAuthenticationCredential() { return xksProxyAuthenticationCredential; } /** *

        * Indicates how KMS communicates with the external key store proxy. This parameter is required for custom key * stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE. *

        *

        * If the external key store proxy uses a public endpoint, specify PUBLIC_ENDPOINT. If the external key * store proxy uses a Amazon VPC endpoint service for communication with KMS, specify * VPC_ENDPOINT_SERVICE. For help making this choice, see Choosing a connectivity option in the Key Management Service Developer Guide. *

        *

        * An Amazon VPC endpoint service keeps your communication with KMS in a private address space entirely within * Amazon Web Services, but it requires more configuration, including establishing a Amazon VPC with multiple * subnets, a VPC endpoint service, a network load balancer, and a verified private DNS name. A public endpoint is * simpler to set up, but it might be slower and might not fulfill your security requirements. You might consider * testing with a public endpoint, and then establishing a VPC endpoint service for production tasks. Note that this * choice does not determine the location of the external key store proxy. Even if you choose a VPC endpoint * service, the proxy can be hosted within the VPC or outside of Amazon Web Services such as in your corporate data * center. *

        *

        * If the service returns an enum value that is not available in the current SDK version, * {@link #xksProxyConnectivity} will return {@link XksProxyConnectivityType#UNKNOWN_TO_SDK_VERSION}. The raw value * returned by the service is available from {@link #xksProxyConnectivityAsString}. *

        * * @return Indicates how KMS communicates with the external key store proxy. This parameter is required for custom * key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.

        *

        * If the external key store proxy uses a public endpoint, specify PUBLIC_ENDPOINT. If the * external key store proxy uses a Amazon VPC endpoint service for communication with KMS, specify * VPC_ENDPOINT_SERVICE. For help making this choice, see Choosing a connectivity option in the Key Management Service Developer Guide. *

        *

        * An Amazon VPC endpoint service keeps your communication with KMS in a private address space entirely * within Amazon Web Services, but it requires more configuration, including establishing a Amazon VPC with * multiple subnets, a VPC endpoint service, a network load balancer, and a verified private DNS name. A * public endpoint is simpler to set up, but it might be slower and might not fulfill your security * requirements. You might consider testing with a public endpoint, and then establishing a VPC endpoint * service for production tasks. Note that this choice does not determine the location of the external key * store proxy. Even if you choose a VPC endpoint service, the proxy can be hosted within the VPC or outside * of Amazon Web Services such as in your corporate data center. * @see XksProxyConnectivityType */ public final XksProxyConnectivityType xksProxyConnectivity() { return XksProxyConnectivityType.fromValue(xksProxyConnectivity); } /** *

        * Indicates how KMS communicates with the external key store proxy. This parameter is required for custom key * stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE. *

        *

        * If the external key store proxy uses a public endpoint, specify PUBLIC_ENDPOINT. If the external key * store proxy uses a Amazon VPC endpoint service for communication with KMS, specify * VPC_ENDPOINT_SERVICE. For help making this choice, see Choosing a connectivity option in the Key Management Service Developer Guide. *

        *

        * An Amazon VPC endpoint service keeps your communication with KMS in a private address space entirely within * Amazon Web Services, but it requires more configuration, including establishing a Amazon VPC with multiple * subnets, a VPC endpoint service, a network load balancer, and a verified private DNS name. A public endpoint is * simpler to set up, but it might be slower and might not fulfill your security requirements. You might consider * testing with a public endpoint, and then establishing a VPC endpoint service for production tasks. Note that this * choice does not determine the location of the external key store proxy. Even if you choose a VPC endpoint * service, the proxy can be hosted within the VPC or outside of Amazon Web Services such as in your corporate data * center. *

        *

        * If the service returns an enum value that is not available in the current SDK version, * {@link #xksProxyConnectivity} will return {@link XksProxyConnectivityType#UNKNOWN_TO_SDK_VERSION}. The raw value * returned by the service is available from {@link #xksProxyConnectivityAsString}. *

        * * @return Indicates how KMS communicates with the external key store proxy. This parameter is required for custom * key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.

        *

        * If the external key store proxy uses a public endpoint, specify PUBLIC_ENDPOINT. If the * external key store proxy uses a Amazon VPC endpoint service for communication with KMS, specify * VPC_ENDPOINT_SERVICE. For help making this choice, see Choosing a connectivity option in the Key Management Service Developer Guide. *

        *

        * An Amazon VPC endpoint service keeps your communication with KMS in a private address space entirely * within Amazon Web Services, but it requires more configuration, including establishing a Amazon VPC with * multiple subnets, a VPC endpoint service, a network load balancer, and a verified private DNS name. A * public endpoint is simpler to set up, but it might be slower and might not fulfill your security * requirements. You might consider testing with a public endpoint, and then establishing a VPC endpoint * service for production tasks. Note that this choice does not determine the location of the external key * store proxy. Even if you choose a VPC endpoint service, the proxy can be hosted within the VPC or outside * of Amazon Web Services such as in your corporate data center. * @see XksProxyConnectivityType */ public final String xksProxyConnectivityAsString() { return xksProxyConnectivity; } @Override public Builder toBuilder() { return new BuilderImpl(this); } public static Builder builder() { return new BuilderImpl(); } public static Class serializableBuilderClass() { return BuilderImpl.class; } @Override public final int hashCode() { int hashCode = 1; hashCode = 31 * hashCode + super.hashCode(); hashCode = 31 * hashCode + Objects.hashCode(customKeyStoreName()); hashCode = 31 * hashCode + Objects.hashCode(cloudHsmClusterId()); hashCode = 31 * hashCode + Objects.hashCode(trustAnchorCertificate()); hashCode = 31 * hashCode + Objects.hashCode(keyStorePassword()); hashCode = 31 * hashCode + Objects.hashCode(customKeyStoreTypeAsString()); hashCode = 31 * hashCode + Objects.hashCode(xksProxyUriEndpoint()); hashCode = 31 * hashCode + Objects.hashCode(xksProxyUriPath()); hashCode = 31 * hashCode + Objects.hashCode(xksProxyVpcEndpointServiceName()); hashCode = 31 * hashCode + Objects.hashCode(xksProxyAuthenticationCredential()); hashCode = 31 * hashCode + Objects.hashCode(xksProxyConnectivityAsString()); return hashCode; } @Override public final boolean 
equals(Object obj) { return super.equals(obj) && equalsBySdkFields(obj); } @Override public final boolean equalsBySdkFields(Object obj) { if (this == obj) { return true; } if (obj == null) { return false; } if (!(obj instanceof CreateCustomKeyStoreRequest)) { return false; } CreateCustomKeyStoreRequest other = (CreateCustomKeyStoreRequest) obj; return Objects.equals(customKeyStoreName(), other.customKeyStoreName()) && Objects.equals(cloudHsmClusterId(), other.cloudHsmClusterId()) && Objects.equals(trustAnchorCertificate(), other.trustAnchorCertificate()) && Objects.equals(keyStorePassword(), other.keyStorePassword()) && Objects.equals(customKeyStoreTypeAsString(), other.customKeyStoreTypeAsString()) && Objects.equals(xksProxyUriEndpoint(), other.xksProxyUriEndpoint()) && Objects.equals(xksProxyUriPath(), other.xksProxyUriPath()) && Objects.equals(xksProxyVpcEndpointServiceName(), other.xksProxyVpcEndpointServiceName()) && Objects.equals(xksProxyAuthenticationCredential(), other.xksProxyAuthenticationCredential()) && Objects.equals(xksProxyConnectivityAsString(), other.xksProxyConnectivityAsString()); } /** * Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be * redacted from this string using a placeholder value. */ @Override public final String toString() { return ToString.builder("CreateCustomKeyStoreRequest").add("CustomKeyStoreName", customKeyStoreName()) .add("CloudHsmClusterId", cloudHsmClusterId()).add("TrustAnchorCertificate", trustAnchorCertificate()) .add("KeyStorePassword", keyStorePassword() == null ? 
null : "*** Sensitive Data Redacted ***") .add("CustomKeyStoreType", customKeyStoreTypeAsString()).add("XksProxyUriEndpoint", xksProxyUriEndpoint()) .add("XksProxyUriPath", xksProxyUriPath()) .add("XksProxyVpcEndpointServiceName", xksProxyVpcEndpointServiceName()) .add("XksProxyAuthenticationCredential", xksProxyAuthenticationCredential()) .add("XksProxyConnectivity", xksProxyConnectivityAsString()).build(); } public final Optional getValueForField(String fieldName, Class clazz) { switch (fieldName) { case "CustomKeyStoreName": return Optional.ofNullable(clazz.cast(customKeyStoreName())); case "CloudHsmClusterId": return Optional.ofNullable(clazz.cast(cloudHsmClusterId())); case "TrustAnchorCertificate": return Optional.ofNullable(clazz.cast(trustAnchorCertificate())); case "KeyStorePassword": return Optional.ofNullable(clazz.cast(keyStorePassword())); case "CustomKeyStoreType": return Optional.ofNullable(clazz.cast(customKeyStoreTypeAsString())); case "XksProxyUriEndpoint": return Optional.ofNullable(clazz.cast(xksProxyUriEndpoint())); case "XksProxyUriPath": return Optional.ofNullable(clazz.cast(xksProxyUriPath())); case "XksProxyVpcEndpointServiceName": return Optional.ofNullable(clazz.cast(xksProxyVpcEndpointServiceName())); case "XksProxyAuthenticationCredential": return Optional.ofNullable(clazz.cast(xksProxyAuthenticationCredential())); case "XksProxyConnectivity": return Optional.ofNullable(clazz.cast(xksProxyConnectivityAsString())); default: return Optional.empty(); } } @Override public final List> sdkFields() { return SDK_FIELDS; } private static Function getter(Function g) { return obj -> g.apply((CreateCustomKeyStoreRequest) obj); } private static BiConsumer setter(BiConsumer s) { return (obj, val) -> s.accept((Builder) obj, val); } public interface Builder extends KmsRequest.Builder, SdkPojo, CopyableBuilder { /** *

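        * Specifies a friendly name for the custom key store. The name must be unique in your Amazon Web Services
        * account and Region. This parameter is required for all custom key stores.
        * <p>
        * Do not include confidential or sensitive information in this field. This field may be displayed in
        * plaintext in CloudTrail logs and other output.
        *
        * @param customKeyStoreName
        *        the friendly name for the custom key store; unique in the account and Region, and free of
        *        confidential or sensitive information
        * @return Returns a reference to this object so that method calls can be chained together.
        */
        Builder customKeyStoreName(String customKeyStoreName);

        /**
         * Identifies the CloudHSM cluster for a CloudHSM key store. This parameter is required for custom key stores
         * with {@code CustomKeyStoreType} of {@code AWS_CLOUDHSM}.
         * <p>
         * Enter the cluster ID of any active CloudHSM cluster that is not already associated with a custom key store.
         * To find the cluster ID, use the {@code DescribeClusters} operation.
         *
         * @param cloudHsmClusterId
         *        the cluster ID of an active CloudHSM cluster that is not already associated with a custom key store
         * @return Returns a reference to this object so that method calls can be chained together.
         */
        Builder cloudHsmClusterId(String cloudHsmClusterId);

        /**
         * Specifies the certificate for a CloudHSM key store. This parameter is required for custom key stores with a
         * {@code CustomKeyStoreType} of {@code AWS_CLOUDHSM}.
         * <p>
         * Enter the content of the trust anchor certificate for the CloudHSM cluster. This is the content of the
         * {@code customerCA.crt} file that you created when you initialized the cluster.
         *
         * @param trustAnchorCertificate
         *        the content of the trust anchor certificate ({@code customerCA.crt}) for the CloudHSM cluster
         * @return Returns a reference to this object so that method calls can be chained together.
         */
        Builder trustAnchorCertificate(String trustAnchorCertificate);

        /**
         * Specifies the {@code kmsuser} password for a CloudHSM key store. This parameter is required for custom key
         * stores with a {@code CustomKeyStoreType} of {@code AWS_CLOUDHSM}.
         * <p>
         * Enter the password of the {@code kmsuser} crypto user (CU) account in the specified CloudHSM cluster. KMS
         * logs into the cluster as this user to manage key material on your behalf.
         * <p>
         * The password must be a string of 7 to 32 characters. Its value is case sensitive.
         * <p>
         * This parameter tells KMS the {@code kmsuser} account password; it does not change the password in the
         * CloudHSM cluster.
         * <p>
         * NOTE(review): the password is accepted as a {@code String}, which the caller cannot clear after use. Read it
         * from a secret store at call time and keep it out of source code, configuration files and logs.
         *
         * @param keyStorePassword
         *        the password of the {@code kmsuser} crypto user account in the specified CloudHSM cluster; 7 to 32
         *        characters, case sensitive
         * @return Returns a reference to this object so that method calls can be chained together.
         */
        Builder keyStorePassword(String keyStorePassword);

        /**
         * Specifies the type of custom key store. The default value is {@code AWS_CLOUDHSM}.
         * <p>
         * For a custom key store backed by a CloudHSM cluster, omit the parameter or enter {@code AWS_CLOUDHSM}. For a
         * custom key store backed by an external key manager outside of Amazon Web Services, enter
         * {@code EXTERNAL_KEY_STORE}. You cannot change this property after the key store is created.
         *
         * @param customKeyStoreType
         *        the type of custom key store, as a string; {@code AWS_CLOUDHSM} when omitted
         * @see CustomKeyStoreType
         * @return Returns a reference to this object so that method calls can be chained together.
         */
        Builder customKeyStoreType(String customKeyStoreType);

        /**
         * Specifies the type of custom key store. The default value is {@code AWS_CLOUDHSM}.
         * <p>
         * For a custom key store backed by a CloudHSM cluster, omit the parameter or enter {@code AWS_CLOUDHSM}. For a
         * custom key store backed by an external key manager outside of Amazon Web Services, enter
         * {@code EXTERNAL_KEY_STORE}. You cannot change this property after the key store is created.
         *
         * @param customKeyStoreType
         *        the type of custom key store, as an enum constant; {@code AWS_CLOUDHSM} when omitted
         * @see CustomKeyStoreType
         * @return Returns a reference to this object so that method calls can be chained together.
         */
        Builder customKeyStoreType(CustomKeyStoreType customKeyStoreType);

        /**
         * Specifies the endpoint that KMS uses to send requests to the external key store proxy (XKS proxy). This
         * parameter is required for custom key stores with a {@code CustomKeyStoreType} of
         * {@code EXTERNAL_KEY_STORE}.
         * <p>
         * The protocol must be HTTPS. KMS communicates on port 443. Do not specify the port in the
         * {@code XksProxyUriEndpoint} value.
         * <p>
         * For external key stores with {@code XksProxyConnectivity} value of {@code VPC_ENDPOINT_SERVICE}, specify
         * {@code https://} followed by the private DNS name of the VPC endpoint service.
         * <p>
         * For external key stores with {@code PUBLIC_ENDPOINT} connectivity, this endpoint must be reachable before
         * you create the custom key store. KMS connects to the external key store proxy while creating the custom key
         * store. For external key stores with {@code VPC_ENDPOINT_SERVICE} connectivity, KMS connects when you call
         * the {@code ConnectCustomKeyStore} operation.
         * <p>
         * The value of this parameter must begin with {@code https://}. The remainder can contain upper and lower
         * case letters (A-Z and a-z), numbers (0-9), dots ({@code .}), and hyphens ({@code -}). Additional slashes
         * ({@code /} and {@code \}) are not permitted.
         * <p>
         * <b>Uniqueness requirements:</b>
         * <ul>
         * <li>The combined {@code XksProxyUriEndpoint} and {@code XksProxyUriPath} values must be unique in the
         * Amazon Web Services account and Region.</li>
         * <li>An external key store with {@code PUBLIC_ENDPOINT} connectivity cannot use the same
         * {@code XksProxyUriEndpoint} value as an external key store with {@code VPC_ENDPOINT_SERVICE} connectivity
         * in this Amazon Web Services Region.</li>
         * <li>Each external key store with {@code VPC_ENDPOINT_SERVICE} connectivity must have its own private DNS
         * name. The {@code XksProxyUriEndpoint} value for external key stores with {@code VPC_ENDPOINT_SERVICE}
         * connectivity (private DNS name) must be unique in the Amazon Web Services account and Region.</li>
         * </ul>
         *
         * @param xksProxyUriEndpoint
         *        the HTTPS endpoint of the external key store proxy, beginning with {@code https://} and given
         *        without a port, subject to the format and uniqueness requirements above
         * @return Returns a reference to this object so that method calls can be chained together.
         */
        Builder xksProxyUriEndpoint(String xksProxyUriEndpoint);

        /**
         * Specifies the base path to the proxy APIs for this external key store. To find this value, see the
         * documentation for your external key store proxy. This parameter is required for all custom key stores with
         * a {@code CustomKeyStoreType} of {@code EXTERNAL_KEY_STORE}.
         * <p>
         * The value must start with {@code /} and must end with {@code /kms/xks/v1} where {@code v1} represents the
         * version of the KMS external key store proxy API. This path can include an optional prefix between the
         * required elements such as {@code /prefix/kms/xks/v1}.
         * <p>
         * <b>Uniqueness requirements:</b>
         * <ul>
         * <li>The combined {@code XksProxyUriEndpoint} and {@code XksProxyUriPath} values must be unique in the
         * Amazon Web Services account and Region.</li>
         * </ul>
         *
         * @param xksProxyUriPath
         *        the base path to the proxy APIs, starting with {@code /} and ending with {@code /kms/xks/v1}
         * @return Returns a reference to this object so that method calls can be chained together.
         */
        Builder xksProxyUriPath(String xksProxyUriPath);

        /**
         * Specifies the name of the Amazon VPC endpoint service for interface endpoints that is used to communicate
         * with your external key store proxy (XKS proxy). This parameter is required when the value of
         * {@code CustomKeyStoreType} is {@code EXTERNAL_KEY_STORE} and the value of {@code XksProxyConnectivity} is
         * {@code VPC_ENDPOINT_SERVICE}.
         * <p>
         * The Amazon VPC endpoint service must fulfill all requirements for use with an external key store.
         * <p>
         * <b>Uniqueness requirements:</b>
         * <ul>
         * <li>External key stores with {@code VPC_ENDPOINT_SERVICE} connectivity can share an Amazon VPC, but each
         * external key store must have its own VPC endpoint service and private DNS name.</li>
         * </ul>
         *
         * @param xksProxyVpcEndpointServiceName
         *        the name of the Amazon VPC endpoint service used to communicate with the external key store proxy
         * @return Returns a reference to this object so that method calls can be chained together.
         */
        Builder xksProxyVpcEndpointServiceName(String xksProxyVpcEndpointServiceName);

        /**
         * Specifies an authentication credential for the external key store proxy (XKS proxy). This parameter is
         * required for all custom key stores with a {@code CustomKeyStoreType} of {@code EXTERNAL_KEY_STORE}.
         * <p>
         * The {@code XksProxyAuthenticationCredential} has two required elements: {@code RawSecretAccessKey}, a
         * secret key, and {@code AccessKeyId}, a unique identifier for the {@code RawSecretAccessKey}. For character
         * requirements, see {@link XksProxyAuthenticationCredentialType}.
         * <p>
         * KMS uses this authentication credential to sign requests to the external key store proxy on your behalf.
         * This credential is unrelated to Identity and Access Management (IAM) and Amazon Web Services credentials.
         * <p>
         * This parameter doesn't set or change the authentication credentials on the XKS proxy. It just tells KMS the
         * credential that you established on your external key store proxy. If you rotate your proxy authentication
         * credential, use the {@code UpdateCustomKeyStore} operation to provide the new credential to KMS.
         *
         * @param xksProxyAuthenticationCredential
         *        the credential, consisting of {@code RawSecretAccessKey} and {@code AccessKeyId}, that you
         *        established on your external key store proxy
         * @return Returns a reference to this object so that method calls can be chained together.
         */
        Builder xksProxyAuthenticationCredential(XksProxyAuthenticationCredentialType xksProxyAuthenticationCredential);

        /**
         * Specifies an authentication credential for the external key store proxy (XKS proxy), with the same meaning
         * and requirements as {@link #xksProxyAuthenticationCredential(XksProxyAuthenticationCredentialType)}.
         * <p>
         * This is a convenience method that creates an instance of the
         * {@link XksProxyAuthenticationCredentialType.Builder} avoiding the need to create one manually via
         * {@link XksProxyAuthenticationCredentialType#builder()}.
         * <p>
         * When the {@link Consumer} completes, {@link XksProxyAuthenticationCredentialType.Builder#build()} is called
         * immediately and its result is passed to
         * {@link #xksProxyAuthenticationCredential(XksProxyAuthenticationCredentialType)}.
         *
         * @param xksProxyAuthenticationCredential
         *        a consumer that will call methods on {@link XksProxyAuthenticationCredentialType.Builder}
         * @return Returns a reference to this object so that method calls can be chained together.
         * @see #xksProxyAuthenticationCredential(XksProxyAuthenticationCredentialType)
         */
        default Builder xksProxyAuthenticationCredential(
                Consumer<XksProxyAuthenticationCredentialType.Builder> xksProxyAuthenticationCredential) {
            return xksProxyAuthenticationCredential(XksProxyAuthenticationCredentialType.builder()
                    .applyMutation(xksProxyAuthenticationCredential).build());
        }

        /**
         * Indicates how KMS communicates with the external key store proxy. This parameter is required for custom key
         * stores with a {@code CustomKeyStoreType} of {@code EXTERNAL_KEY_STORE}.
         * <p>
         * If the external key store proxy uses a public endpoint, specify {@code PUBLIC_ENDPOINT}. If the external
         * key store proxy uses an Amazon VPC endpoint service for communication with KMS, specify
         * {@code VPC_ENDPOINT_SERVICE}. For help making this choice, see <i>Choosing a connectivity option</i> in the
         * <i>Key Management Service Developer Guide</i>.
         * <p>
         * An Amazon VPC endpoint service keeps your communication with KMS in a private address space entirely within
         * Amazon Web Services, but it requires more configuration, including establishing an Amazon VPC with multiple
         * subnets, a VPC endpoint service, a network load balancer, and a verified private DNS name. A public
         * endpoint is simpler to set up, but it might be slower and might not fulfill your security requirements. You
         * might consider testing with a public endpoint, and then establishing a VPC endpoint service for production
         * tasks. Note that this choice does not determine the location of the external key store proxy. Even if you
         * choose a VPC endpoint service, the proxy can be hosted within the VPC or outside of Amazon Web Services
         * such as in your corporate data center.
         *
         * @param xksProxyConnectivity
         *        how KMS communicates with the external key store proxy, as a string: {@code PUBLIC_ENDPOINT} for a
         *        public endpoint or {@code VPC_ENDPOINT_SERVICE} for an Amazon VPC endpoint service
         * @see XksProxyConnectivityType
         * @return Returns a reference to this object so that method calls can be chained together.
         */
        Builder xksProxyConnectivity(String xksProxyConnectivity);

        /**
         *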

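              * Indicates how KMS communicates with the external key store proxy. This parameter is required for custom
              * key stores with a {@code CustomKeyStoreType} of {@code EXTERNAL_KEY_STORE}.
              * <p>
              * If the external key store proxy uses a public endpoint, specify {@code PUBLIC_ENDPOINT}. If the external
              * key store proxy uses an Amazon VPC endpoint service for communication with KMS, specify
              * {@code VPC_ENDPOINT_SERVICE}. For help making this choice, see <i>Choosing a connectivity option</i> in
              * the <i>Key Management Service Developer Guide</i>.
              * <p>
              * An Amazon VPC endpoint service keeps your communication with KMS in a private address space entirely
              * within Amazon Web Services, but it requires more configuration, including establishing an Amazon VPC
              * with multiple subnets, a VPC endpoint service, a network load balancer, and a verified private DNS
              * name. A public endpoint is simpler to set up, but it might be slower and might not fulfill your
              * security requirements. You might consider testing with a public endpoint, and then establishing a VPC
              * endpoint service for production tasks. Note that this choice does not determine the location of the
              * external key store proxy. Even if you choose a VPC endpoint service, the proxy can be hosted within
              * the VPC or outside of Amazon Web Services such as in your corporate data center.
              *
              * @param xksProxyConnectivity
              *        how KMS communicates with the external key store proxy, as an enum constant:
              *        {@code PUBLIC_ENDPOINT} for a public endpoint or {@code VPC_ENDPOINT_SERVICE} for an Amazon VPC
              *        endpoint service
              * @see XksProxyConnectivityType
              * @return Returns a reference to this object so that method calls can be chained together.
              */
        Builder xksProxyConnectivity(XksProxyConnectivityType xksProxyConnectivity);

        @Override
        Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration);

        @Override
        Builder overrideConfiguration(Consumer<AwsRequestOverrideConfiguration.Builder> builderConsumer);
    }

    /**
     * Mutable {@link Builder} implementation that collects the members of a {@link CreateCustomKeyStoreRequest}.
     * <p>
     * Each member has a bean-style getter and setter plus the fluent {@link Builder} method. Enum-typed members
     * ({@code customKeyStoreType}, {@code xksProxyConnectivity}) are stored as strings. No member is validated
     * here.
     * <p>
     * {@code keyStorePassword} is held as a plain {@code String} and {@link #getKeyStorePassword()} returns it
     * unredacted, so builder instances should be treated as secret-bearing objects and kept out of logs.
     */
    static final class BuilderImpl extends KmsRequest.BuilderImpl implements Builder {
        private String customKeyStoreName;

        private String cloudHsmClusterId;

        private String trustAnchorCertificate;

        // Plaintext kmsuser password; see the class comment.
        private String keyStorePassword;

        private String customKeyStoreType;

        private String xksProxyUriEndpoint;

        private String xksProxyUriPath;

        private String xksProxyVpcEndpointServiceName;

        private XksProxyAuthenticationCredentialType xksProxyAuthenticationCredential;

        private String xksProxyConnectivity;

        private BuilderImpl() {
        }

        /** Creates a builder pre-populated with every member of {@code model}, via the fluent methods. */
        private BuilderImpl(CreateCustomKeyStoreRequest model) {
            super(model);
            customKeyStoreName(model.customKeyStoreName);
            cloudHsmClusterId(model.cloudHsmClusterId);
            trustAnchorCertificate(model.trustAnchorCertificate);
            keyStorePassword(model.keyStorePassword);
            customKeyStoreType(model.customKeyStoreType);
            xksProxyUriEndpoint(model.xksProxyUriEndpoint);
            xksProxyUriPath(model.xksProxyUriPath);
            xksProxyVpcEndpointServiceName(model.xksProxyVpcEndpointServiceName);
            xksProxyAuthenticationCredential(model.xksProxyAuthenticationCredential);
            xksProxyConnectivity(model.xksProxyConnectivity);
        }

        public final String getCustomKeyStoreName() {
            return customKeyStoreName;
        }

        public final void setCustomKeyStoreName(String customKeyStoreName) {
            this.customKeyStoreName = customKeyStoreName;
        }

        @Override
        public final Builder customKeyStoreName(String customKeyStoreName) {
            this.customKeyStoreName = customKeyStoreName;
            return this;
        }

        public final String getCloudHsmClusterId() {
            return cloudHsmClusterId;
        }

        public final void setCloudHsmClusterId(String cloudHsmClusterId) {
            this.cloudHsmClusterId = cloudHsmClusterId;
        }

        @Override
        public final Builder cloudHsmClusterId(String cloudHsmClusterId) {
            this.cloudHsmClusterId = cloudHsmClusterId;
            return this;
        }

        public final String getTrustAnchorCertificate() {
            return trustAnchorCertificate;
        }

        public final void setTrustAnchorCertificate(String trustAnchorCertificate) {
            this.trustAnchorCertificate = trustAnchorCertificate;
        }

        @Override
        public final Builder trustAnchorCertificate(String trustAnchorCertificate) {
            this.trustAnchorCertificate = trustAnchorCertificate;
            return this;
        }

        /** Returns the stored password as plaintext; the value is not redacted here. */
        public final String getKeyStorePassword() {
            return keyStorePassword;
        }

        public final void setKeyStorePassword(String keyStorePassword) {
            this.keyStorePassword = keyStorePassword;
        }

        @Override
        public final Builder keyStorePassword(String keyStorePassword) {
            this.keyStorePassword = keyStorePassword;
            return this;
        }

        public final String getCustomKeyStoreType() {
            return customKeyStoreType;
        }

        public final void setCustomKeyStoreType(String customKeyStoreType) {
            this.customKeyStoreType = customKeyStoreType;
        }

        @Override
        public final Builder customKeyStoreType(String customKeyStoreType) {
            this.customKeyStoreType = customKeyStoreType;
            return this;
        }

        /** Stores the enum constant's {@code toString()} value, or {@code null} when no constant is given. */
        @Override
        public final Builder customKeyStoreType(CustomKeyStoreType customKeyStoreType) {
            this.customKeyStoreType(customKeyStoreType == null ? null : customKeyStoreType.toString());
            return this;
        }

        public final String getXksProxyUriEndpoint() {
            return xksProxyUriEndpoint;
        }

        public final void setXksProxyUriEndpoint(String xksProxyUriEndpoint) {
            this.xksProxyUriEndpoint = xksProxyUriEndpoint;
        }

        @Override
        public final Builder xksProxyUriEndpoint(String xksProxyUriEndpoint) {
            this.xksProxyUriEndpoint = xksProxyUriEndpoint;
            return this;
        }

        public final String getXksProxyUriPath() {
            return xksProxyUriPath;
        }

        public final void setXksProxyUriPath(String xksProxyUriPath) {
            this.xksProxyUriPath = xksProxyUriPath;
        }

        @Override
        public final Builder xksProxyUriPath(String xksProxyUriPath) {
            this.xksProxyUriPath = xksProxyUriPath;
            return this;
        }

        public final String getXksProxyVpcEndpointServiceName() {
            return xksProxyVpcEndpointServiceName;
        }

        public final void setXksProxyVpcEndpointServiceName(String xksProxyVpcEndpointServiceName) {
            this.xksProxyVpcEndpointServiceName = xksProxyVpcEndpointServiceName;
        }

        @Override
        public final Builder xksProxyVpcEndpointServiceName(String xksProxyVpcEndpointServiceName) {
            this.xksProxyVpcEndpointServiceName = xksProxyVpcEndpointServiceName;
            return this;
        }

        /** Returns a builder derived from the stored credential via {@code toBuilder()}, or {@code null} if unset. */
        public final XksProxyAuthenticationCredentialType.Builder getXksProxyAuthenticationCredential() {
            return xksProxyAuthenticationCredential != null ? xksProxyAuthenticationCredential.toBuilder() : null;
        }

        /** Builds the given credential builder and stores the result, or stores {@code null} when it is absent. */
        public final void setXksProxyAuthenticationCredential(
                XksProxyAuthenticationCredentialType.BuilderImpl xksProxyAuthenticationCredential) {
            this.xksProxyAuthenticationCredential = xksProxyAuthenticationCredential != null
                    ? xksProxyAuthenticationCredential.build() : null;
        }

        @Override
        public final Builder xksProxyAuthenticationCredential(
                XksProxyAuthenticationCredentialType xksProxyAuthenticationCredential) {
            this.xksProxyAuthenticationCredential = xksProxyAuthenticationCredential;
            return this;
        }

        public final String getXksProxyConnectivity() {
            return xksProxyConnectivity;
        }

        public final void setXksProxyConnectivity(String xksProxyConnectivity) {
            this.xksProxyConnectivity = xksProxyConnectivity;
        }

        @Override
        public final Builder xksProxyConnectivity(String xksProxyConnectivity) {
            this.xksProxyConnectivity = xksProxyConnectivity;
            return this;
        }

        /** Stores the enum constant's {@code toString()} value, or {@code null} when no constant is given. */
        @Override
        public final Builder xksProxyConnectivity(XksProxyConnectivityType xksProxyConnectivity) {
            this.xksProxyConnectivity(xksProxyConnectivity == null ? null : xksProxyConnectivity.toString());
            return this;
        }

        // Both overrides delegate to the superclass and return this builder to keep the fluent chain going.
        @Override
        public Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration) {
            super.overrideConfiguration(overrideConfiguration);
            return this;
        }

        @Override
        public Builder overrideConfiguration(Consumer<AwsRequestOverrideConfiguration.Builder> builderConsumer) {
            super.overrideConfiguration(builderConsumer);
            return this;
        }

        /** Creates the request by passing this builder to the {@link CreateCustomKeyStoreRequest} constructor. */
        @Override
        public CreateCustomKeyStoreRequest build() {
            return new CreateCustomKeyStoreRequest(this);
        }

        @Override
        public List<SdkField<?>> sdkFields() {
            return SDK_FIELDS;
        }
    }
}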




