public class CreateKeyRequest extends AmazonWebServiceRequest implements java.io.Serializable
Creates a customer master key (CMK).
You can use a CMK to encrypt small amounts of data (4 KiB or less) directly, but CMKs are more commonly used to encrypt data encryption keys (DEKs), which are used to encrypt raw data. For more information about DEKs and the difference between CMKs and DEKs, see the following:
The GenerateDataKey operation
AWS Key Management Service Concepts in the AWS Key Management Service Developer Guide
Constructor and Description |
---|
CreateKeyRequest() |
Modifier and Type | Method and Description |
---|---|
boolean |
equals(java.lang.Object obj) |
java.lang.Boolean |
getBypassPolicyLockoutSafetyCheck()
A flag to indicate whether to bypass the key policy lockout safety check.
|
java.lang.String |
getDescription()
A description of the CMK.
|
java.lang.String |
getKeyUsage()
The intended use of the CMK.
|
java.lang.String |
getOrigin()
The source of the CMK's key material.
|
java.lang.String |
getPolicy()
The key policy to attach to the CMK.
|
int |
hashCode() |
java.lang.Boolean |
isBypassPolicyLockoutSafetyCheck()
A flag to indicate whether to bypass the key policy lockout safety check.
|
void |
setBypassPolicyLockoutSafetyCheck(java.lang.Boolean bypassPolicyLockoutSafetyCheck)
A flag to indicate whether to bypass the key policy lockout safety check.
|
void |
setDescription(java.lang.String description)
A description of the CMK.
|
void |
setKeyUsage(KeyUsageType keyUsage)
The intended use of the CMK.
|
void |
setKeyUsage(java.lang.String keyUsage)
The intended use of the CMK.
|
void |
setOrigin(OriginType origin)
The source of the CMK's key material.
|
void |
setOrigin(java.lang.String origin)
The source of the CMK's key material.
|
void |
setPolicy(java.lang.String policy)
The key policy to attach to the CMK.
|
java.lang.String |
toString()
Returns a string representation of this object; useful for testing and
debugging.
|
CreateKeyRequest |
withBypassPolicyLockoutSafetyCheck(java.lang.Boolean bypassPolicyLockoutSafetyCheck)
A flag to indicate whether to bypass the key policy lockout safety check.
|
CreateKeyRequest |
withDescription(java.lang.String description)
A description of the CMK.
|
CreateKeyRequest |
withKeyUsage(KeyUsageType keyUsage)
The intended use of the CMK.
|
CreateKeyRequest |
withKeyUsage(java.lang.String keyUsage)
The intended use of the CMK.
|
CreateKeyRequest |
withOrigin(OriginType origin)
The source of the CMK's key material.
|
CreateKeyRequest |
withOrigin(java.lang.String origin)
The source of the CMK's key material.
|
CreateKeyRequest |
withPolicy(java.lang.String policy)
The key policy to attach to the CMK.
|
clone, getCloneRoot, getCloneSource, getGeneralProgressListener, getRequestClientOptions, getRequestCredentials, getRequestMetricCollector, setGeneralProgressListener, setRequestCredentials, setRequestMetricCollector, withGeneralProgressListener, withRequestMetricCollector
public java.lang.String getPolicy()
The key policy to attach to the CMK.
If you specify a policy and do not set
BypassPolicyLockoutSafetyCheck
to true, the policy must meet
the following criteria:
It must allow the principal making the CreateKey
request to
make a subsequent PutKeyPolicy request on the CMK. This reduces
the likelihood that the CMK becomes unmanageable. For more information,
refer to the scenario in the Default Key Policy section in the AWS Key Management Service
Developer Guide.
The principal(s) specified in the key policy must exist and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or role), you might need to enforce a delay before specifying the new principal in a key policy because the new principal might not immediately be visible to AWS KMS. For more information, see Changes that I make are not always immediately visible in the IAM User Guide.
If you do not specify a policy, AWS KMS attaches a default key policy to the CMK. For more information, see Default Key Policy in the AWS Key Management Service Developer Guide.
The policy size limit is 32 KiB (32768 bytes).
Constraints:
Length: 1 - 131072
Pattern: [ -ÿ]+
The key policy to attach to the CMK.
If you specify a policy and do not set
BypassPolicyLockoutSafetyCheck
to true, the policy
must meet the following criteria:
It must allow the principal making the CreateKey
request to make a subsequent PutKeyPolicy request on the
CMK. This reduces the likelihood that the CMK becomes
unmanageable. For more information, refer to the scenario in the
Default Key Policy section in the AWS Key Management
Service Developer Guide.
The principal(s) specified in the key policy must exist and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or role), you might need to enforce a delay before specifying the new principal in a key policy because the new principal might not immediately be visible to AWS KMS. For more information, see Changes that I make are not always immediately visible in the IAM User Guide.
If you do not specify a policy, AWS KMS attaches a default key policy to the CMK. For more information, see Default Key Policy in the AWS Key Management Service Developer Guide.
The policy size limit is 32 KiB (32768 bytes).
public void setPolicy(java.lang.String policy)
The key policy to attach to the CMK.
If you specify a policy and do not set
BypassPolicyLockoutSafetyCheck
to true, the policy must meet
the following criteria:
It must allow the principal making the CreateKey
request to
make a subsequent PutKeyPolicy request on the CMK. This reduces
the likelihood that the CMK becomes unmanageable. For more information,
refer to the scenario in the Default Key Policy section in the AWS Key Management Service
Developer Guide.
The principal(s) specified in the key policy must exist and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or role), you might need to enforce a delay before specifying the new principal in a key policy because the new principal might not immediately be visible to AWS KMS. For more information, see Changes that I make are not always immediately visible in the IAM User Guide.
If you do not specify a policy, AWS KMS attaches a default key policy to the CMK. For more information, see Default Key Policy in the AWS Key Management Service Developer Guide.
The policy size limit is 32 KiB (32768 bytes).
Constraints:
Length: 1 - 131072
Pattern: [ -ÿ]+
policy
- The key policy to attach to the CMK.
If you specify a policy and do not set
BypassPolicyLockoutSafetyCheck
to true, the
policy must meet the following criteria:
It must allow the principal making the CreateKey
request to make a subsequent PutKeyPolicy request on
the CMK. This reduces the likelihood that the CMK becomes
unmanageable. For more information, refer to the scenario in
the Default Key Policy section in the AWS Key Management
Service Developer Guide.
The principal(s) specified in the key policy must exist and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or role), you might need to enforce a delay before specifying the new principal in a key policy because the new principal might not immediately be visible to AWS KMS. For more information, see Changes that I make are not always immediately visible in the IAM User Guide.
If you do not specify a policy, AWS KMS attaches a default key policy to the CMK. For more information, see Default Key Policy in the AWS Key Management Service Developer Guide.
The policy size limit is 32 KiB (32768 bytes).
public CreateKeyRequest withPolicy(java.lang.String policy)
The key policy to attach to the CMK.
If you specify a policy and do not set
BypassPolicyLockoutSafetyCheck
to true, the policy must meet
the following criteria:
It must allow the principal making the CreateKey
request to
make a subsequent PutKeyPolicy request on the CMK. This reduces
the likelihood that the CMK becomes unmanageable. For more information,
refer to the scenario in the Default Key Policy section in the AWS Key Management Service
Developer Guide.
The principal(s) specified in the key policy must exist and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or role), you might need to enforce a delay before specifying the new principal in a key policy because the new principal might not immediately be visible to AWS KMS. For more information, see Changes that I make are not always immediately visible in the IAM User Guide.
If you do not specify a policy, AWS KMS attaches a default key policy to the CMK. For more information, see Default Key Policy in the AWS Key Management Service Developer Guide.
The policy size limit is 32 KiB (32768 bytes).
Returns a reference to this object so that method calls can be chained together.
Constraints:
Length: 1 - 131072
Pattern: [ -ÿ]+
policy
- The key policy to attach to the CMK.
If you specify a policy and do not set
BypassPolicyLockoutSafetyCheck
to true, the
policy must meet the following criteria:
It must allow the principal making the CreateKey
request to make a subsequent PutKeyPolicy request on
the CMK. This reduces the likelihood that the CMK becomes
unmanageable. For more information, refer to the scenario in
the Default Key Policy section in the AWS Key Management
Service Developer Guide.
The principal(s) specified in the key policy must exist and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or role), you might need to enforce a delay before specifying the new principal in a key policy because the new principal might not immediately be visible to AWS KMS. For more information, see Changes that I make are not always immediately visible in the IAM User Guide.
If you do not specify a policy, AWS KMS attaches a default key policy to the CMK. For more information, see Default Key Policy in the AWS Key Management Service Developer Guide.
The policy size limit is 32 KiB (32768 bytes).
public java.lang.String getDescription()
A description of the CMK.
Use a description that helps you decide whether the CMK is appropriate for a task.
Constraints:
Length: 0 - 8192
A description of the CMK.
Use a description that helps you decide whether the CMK is appropriate for a task.
public void setDescription(java.lang.String description)
A description of the CMK.
Use a description that helps you decide whether the CMK is appropriate for a task.
Constraints:
Length: 0 - 8192
description
- A description of the CMK.
Use a description that helps you decide whether the CMK is appropriate for a task.
public CreateKeyRequest withDescription(java.lang.String description)
A description of the CMK.
Use a description that helps you decide whether the CMK is appropriate for a task.
Returns a reference to this object so that method calls can be chained together.
Constraints:
Length: 0 - 8192
description
- A description of the CMK.
Use a description that helps you decide whether the CMK is appropriate for a task.
public java.lang.String getKeyUsage()
The intended use of the CMK.
You can use CMKs only for symmetric encryption and decryption.
Constraints:
Allowed Values: ENCRYPT_DECRYPT
The intended use of the CMK.
You can use CMKs only for symmetric encryption and decryption.
KeyUsageType
public void setKeyUsage(java.lang.String keyUsage)
The intended use of the CMK.
You can use CMKs only for symmetric encryption and decryption.
Constraints:
Allowed Values: ENCRYPT_DECRYPT
keyUsage
- The intended use of the CMK.
You can use CMKs only for symmetric encryption and decryption.
KeyUsageType
public CreateKeyRequest withKeyUsage(java.lang.String keyUsage)
The intended use of the CMK.
You can use CMKs only for symmetric encryption and decryption.
Returns a reference to this object so that method calls can be chained together.
Constraints:
Allowed Values: ENCRYPT_DECRYPT
keyUsage
- The intended use of the CMK.
You can use CMKs only for symmetric encryption and decryption.
KeyUsageType
public void setKeyUsage(KeyUsageType keyUsage)
The intended use of the CMK.
You can use CMKs only for symmetric encryption and decryption.
Constraints:
Allowed Values: ENCRYPT_DECRYPT
keyUsage
- The intended use of the CMK.
You can use CMKs only for symmetric encryption and decryption.
KeyUsageType
public CreateKeyRequest withKeyUsage(KeyUsageType keyUsage)
The intended use of the CMK.
You can use CMKs only for symmetric encryption and decryption.
Returns a reference to this object so that method calls can be chained together.
Constraints:
Allowed Values: ENCRYPT_DECRYPT
keyUsage
- The intended use of the CMK.
You can use CMKs only for symmetric encryption and decryption.
KeyUsageType
public java.lang.String getOrigin()
The source of the CMK's key material.
The default is AWS_KMS
, which means AWS KMS creates the key
material. When this parameter is set to EXTERNAL
, the
request creates a CMK without key material so that you can import key
material from your existing key management infrastructure. For more
information about importing key material into AWS KMS, see Importing Key Material in the AWS Key Management Service
Developer Guide.
The CMK's Origin
is immutable and is set when the CMK is
created.
Constraints:
Allowed Values: AWS_KMS, EXTERNAL
The source of the CMK's key material.
The default is AWS_KMS
, which means AWS KMS creates
the key material. When this parameter is set to
EXTERNAL
, the request creates a CMK without key
material so that you can import key material from your existing
key management infrastructure. For more information about
importing key material into AWS KMS, see Importing Key Material in the AWS Key Management Service
Developer Guide.
The CMK's Origin
is immutable and is set when the
CMK is created.
OriginType
public void setOrigin(java.lang.String origin)
The source of the CMK's key material.
The default is AWS_KMS
, which means AWS KMS creates the key
material. When this parameter is set to EXTERNAL
, the
request creates a CMK without key material so that you can import key
material from your existing key management infrastructure. For more
information about importing key material into AWS KMS, see Importing Key Material in the AWS Key Management Service
Developer Guide.
The CMK's Origin
is immutable and is set when the CMK is
created.
Constraints:
Allowed Values: AWS_KMS, EXTERNAL
origin
- The source of the CMK's key material.
The default is AWS_KMS
, which means AWS KMS
creates the key material. When this parameter is set to
EXTERNAL
, the request creates a CMK without key
material so that you can import key material from your
existing key management infrastructure. For more information
about importing key material into AWS KMS, see Importing Key Material in the AWS Key Management
Service Developer Guide.
The CMK's Origin
is immutable and is set when the
CMK is created.
OriginType
public CreateKeyRequest withOrigin(java.lang.String origin)
The source of the CMK's key material.
The default is AWS_KMS
, which means AWS KMS creates the key
material. When this parameter is set to EXTERNAL
, the
request creates a CMK without key material so that you can import key
material from your existing key management infrastructure. For more
information about importing key material into AWS KMS, see Importing Key Material in the AWS Key Management Service
Developer Guide.
The CMK's Origin
is immutable and is set when the CMK is
created.
Returns a reference to this object so that method calls can be chained together.
Constraints:
Allowed Values: AWS_KMS, EXTERNAL
origin
- The source of the CMK's key material.
The default is AWS_KMS
, which means AWS KMS
creates the key material. When this parameter is set to
EXTERNAL
, the request creates a CMK without key
material so that you can import key material from your
existing key management infrastructure. For more information
about importing key material into AWS KMS, see Importing Key Material in the AWS Key Management
Service Developer Guide.
The CMK's Origin
is immutable and is set when the
CMK is created.
OriginType
public void setOrigin(OriginType origin)
The source of the CMK's key material.
The default is AWS_KMS
, which means AWS KMS creates the key
material. When this parameter is set to EXTERNAL
, the
request creates a CMK without key material so that you can import key
material from your existing key management infrastructure. For more
information about importing key material into AWS KMS, see Importing Key Material in the AWS Key Management Service
Developer Guide.
The CMK's Origin
is immutable and is set when the CMK is
created.
Constraints:
Allowed Values: AWS_KMS, EXTERNAL
origin
- The source of the CMK's key material.
The default is AWS_KMS
, which means AWS KMS
creates the key material. When this parameter is set to
EXTERNAL
, the request creates a CMK without key
material so that you can import key material from your
existing key management infrastructure. For more information
about importing key material into AWS KMS, see Importing Key Material in the AWS Key Management
Service Developer Guide.
The CMK's Origin
is immutable and is set when the
CMK is created.
OriginType
public CreateKeyRequest withOrigin(OriginType origin)
The source of the CMK's key material.
The default is AWS_KMS
, which means AWS KMS creates the key
material. When this parameter is set to EXTERNAL
, the
request creates a CMK without key material so that you can import key
material from your existing key management infrastructure. For more
information about importing key material into AWS KMS, see Importing Key Material in the AWS Key Management Service
Developer Guide.
The CMK's Origin
is immutable and is set when the CMK is
created.
Returns a reference to this object so that method calls can be chained together.
Constraints:
Allowed Values: AWS_KMS, EXTERNAL
origin
- The source of the CMK's key material.
The default is AWS_KMS
, which means AWS KMS
creates the key material. When this parameter is set to
EXTERNAL
, the request creates a CMK without key
material so that you can import key material from your
existing key management infrastructure. For more information
about importing key material into AWS KMS, see Importing Key Material in the AWS Key Management
Service Developer Guide.
The CMK's Origin
is immutable and is set when the
CMK is created.
OriginType
public java.lang.Boolean isBypassPolicyLockoutSafetyCheck()
A flag to indicate whether to bypass the key policy lockout safety check.
Setting this value to true increases the likelihood that the CMK becomes unmanageable. Do not set this value to true indiscriminately.
For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide.
Use this parameter only when you include a policy in the request and you intend to prevent the principal making the request from making a subsequent PutKeyPolicy request on the CMK.
The default value is false.
A flag to indicate whether to bypass the key policy lockout safety check.
Setting this value to true increases the likelihood that the CMK becomes unmanageable. Do not set this value to true indiscriminately.
For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide.
Use this parameter only when you include a policy in the request and you intend to prevent the principal making the request from making a subsequent PutKeyPolicy request on the CMK.
The default value is false.
public java.lang.Boolean getBypassPolicyLockoutSafetyCheck()
A flag to indicate whether to bypass the key policy lockout safety check.
Setting this value to true increases the likelihood that the CMK becomes unmanageable. Do not set this value to true indiscriminately.
For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide.
Use this parameter only when you include a policy in the request and you intend to prevent the principal making the request from making a subsequent PutKeyPolicy request on the CMK.
The default value is false.
A flag to indicate whether to bypass the key policy lockout safety check.
Setting this value to true increases the likelihood that the CMK becomes unmanageable. Do not set this value to true indiscriminately.
For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide.
Use this parameter only when you include a policy in the request and you intend to prevent the principal making the request from making a subsequent PutKeyPolicy request on the CMK.
The default value is false.
public void setBypassPolicyLockoutSafetyCheck(java.lang.Boolean bypassPolicyLockoutSafetyCheck)
A flag to indicate whether to bypass the key policy lockout safety check.
Setting this value to true increases the likelihood that the CMK becomes unmanageable. Do not set this value to true indiscriminately.
For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide.
Use this parameter only when you include a policy in the request and you intend to prevent the principal making the request from making a subsequent PutKeyPolicy request on the CMK.
The default value is false.
bypassPolicyLockoutSafetyCheck
- A flag to indicate whether to bypass the key policy lockout safety check.
Setting this value to true increases the likelihood that the CMK becomes unmanageable. Do not set this value to true indiscriminately.
For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide.
Use this parameter only when you include a policy in the request and you intend to prevent the principal making the request from making a subsequent PutKeyPolicy request on the CMK.
The default value is false.
public CreateKeyRequest withBypassPolicyLockoutSafetyCheck(java.lang.Boolean bypassPolicyLockoutSafetyCheck)
A flag to indicate whether to bypass the key policy lockout safety check.
Setting this value to true increases the likelihood that the CMK becomes unmanageable. Do not set this value to true indiscriminately.
For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide.
Use this parameter only when you include a policy in the request and you intend to prevent the principal making the request from making a subsequent PutKeyPolicy request on the CMK.
The default value is false.
Returns a reference to this object so that method calls can be chained together.
bypassPolicyLockoutSafetyCheck
- A flag to indicate whether to bypass the key policy lockout safety check.
Setting this value to true increases the likelihood that the CMK becomes unmanageable. Do not set this value to true indiscriminately.
For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide.
Use this parameter only when you include a policy in the request and you intend to prevent the principal making the request from making a subsequent PutKeyPolicy request on the CMK.
The default value is false.
public java.lang.String toString()
toString
in class java.lang.Object
Object.toString()
public int hashCode()
hashCode
in class java.lang.Object
public boolean equals(java.lang.Object obj)
equals
in class java.lang.Object
Copyright © 2010 Amazon Web Services, Inc. All Rights Reserved.