Each entry contains information about one of the key materials associated with a KMS key.
Contents NoteIn the following list, the required parameters are described first.
Indicates if the key material is configured to automatically expire. There are two possible values for this field: KEY_MATERIAL_EXPIRES and KEY_MATERIAL_DOES_NOT_EXPIRE. For any key material that expires, the expiration date and time is indicated in ValidTo. This field is only present for symmetric encryption KMS keys with EXTERNAL origin.
Type: String
Valid Values: KEY_MATERIAL_EXPIRES | KEY_MATERIAL_DOES_NOT_EXPIRE
Required: No
Indicates if the key material is currently imported into AWS KMS. It has two possible values: IMPORTED or PENDING_IMPORT. This field is only present for symmetric encryption KMS keys with EXTERNAL origin.
Type: String
Valid Values: IMPORTED | PENDING_IMPORT
Required: No
Unique identifier of the key.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 2048.
Required: No
User-specified description of the key material. This field is only present for symmetric encryption KMS keys with EXTERNAL origin.
Type: String
Length Constraints: Minimum length of 0. Maximum length of 256.
Pattern: ^[a-zA-Z0-9:/_\s.-]+$
Required: No
Unique identifier of the key material.
Type: String
Length Constraints: Fixed length of 64.
Pattern: ^[a-f0-9]+$
Required: No
There are three possible values for this field: CURRENT, NON_CURRENT and PENDING_ROTATION. AWS KMS uses CURRENT key material for both encryption and decryption and NON_CURRENT key material only for decryption. PENDING_ROTATION identifies key material that has been imported for on-demand key rotation but the rotation hasn't completed. Key material in PENDING_ROTATION is not permanently associated with the KMS key. You can delete this key material and import different key material in its place. The PENDING_ROTATION value is only used in symmetric encryption keys with imported key material. The other values, CURRENT and NON_CURRENT, are used for all KMS keys that support automatic or on-demand key rotation.
Type: String
Valid Values: NON_CURRENT | CURRENT | PENDING_ROTATION
Required: No
Date and time that the key material rotation completed. Formatted as Unix time. This field is not present for the first key material or an imported key material in PENDING_ROTATION state.
Type: Timestamp
Required: No
Identifies whether the key material rotation was a scheduled automatic rotation or an on-demand rotation. This field is not present for the first key material or an imported key material in PENDING_ROTATION state.
Type: String
Valid Values: AUTOMATIC | ON_DEMAND
Required: No
Date and time at which the key material expires. This field is only present for symmetric encryption KMS keys with EXTERNAL origin in rotation list entries with an ExpirationModel value of KEY_MATERIAL_EXPIRES.
Type: Timestamp
Required: No
For more information about using this API in one of the language-specific AWS SDKs, see the following:
Did this page help you? - Yes
Thanks for letting us know we're doing a good job!
If you've got a moment, please tell us what we did right so we can do more of it.
Did this page help you? - No
Thanks for letting us know this page needs work. We're sorry we let you down.
If you've got a moment, please tell us how we can make the documentation better.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4