Struct aws_sdk_kms::types::KeyMetadata
source · #[non_exhaustive]pub struct KeyMetadata {Show 24 fields
pub aws_account_id: Option<String>,
pub key_id: String,
pub arn: Option<String>,
pub creation_date: Option<DateTime>,
pub enabled: bool,
pub description: Option<String>,
pub key_usage: Option<KeyUsageType>,
pub key_state: Option<KeyState>,
pub deletion_date: Option<DateTime>,
pub valid_to: Option<DateTime>,
pub origin: Option<OriginType>,
pub custom_key_store_id: Option<String>,
pub cloud_hsm_cluster_id: Option<String>,
pub expiration_model: Option<ExpirationModelType>,
pub key_manager: Option<KeyManagerType>,
pub customer_master_key_spec: Option<CustomerMasterKeySpec>,
pub key_spec: Option<KeySpec>,
pub encryption_algorithms: Option<Vec<EncryptionAlgorithmSpec>>,
pub signing_algorithms: Option<Vec<SigningAlgorithmSpec>>,
pub multi_region: Option<bool>,
pub multi_region_configuration: Option<MultiRegionConfiguration>,
pub pending_deletion_window_in_days: Option<i32>,
pub mac_algorithms: Option<Vec<MacAlgorithmSpec>>,
pub xks_key_configuration: Option<XksKeyConfigurationType>,
}
Expand description
Contains metadata about a KMS key.
This data type is used as a response element for the CreateKey
, DescribeKey
, and ReplicateKey
operations.
Fields (Non-exhaustive)§
This struct is marked as non-exhaustive
Struct { .. }
syntax; cannot be matched against without a wildcard ..
; and struct update syntax will not work.aws_account_id: Option<String>
The twelve-digit account ID of the Amazon Web Services account that owns the KMS key.
key_id: String
The globally unique identifier for the KMS key.
arn: Option<String>
The Amazon Resource Name (ARN) of the KMS key. For examples, see Key Management Service (KMS) in the Example ARNs section of the Amazon Web Services General Reference.
creation_date: Option<DateTime>
The date and time when the KMS key was created.
enabled: bool
Specifies whether the KMS key is enabled. When KeyState
is Enabled
this value is true, otherwise it is false.
description: Option<String>
The description of the KMS key.
key_usage: Option<KeyUsageType>
The cryptographic operations for which you can use the KMS key.
key_state: Option<KeyState>
The current status of the KMS key.
For more information about how key state affects the use of a KMS key, see Key states of KMS keys in the Key Management Service Developer Guide.
deletion_date: Option<DateTime>
The date and time after which KMS deletes this KMS key. This value is present only when the KMS key is scheduled for deletion, that is, when its KeyState
is PendingDeletion
.
When the primary key in a multi-Region key is scheduled for deletion but still has replica keys, its key state is PendingReplicaDeletion
and the length of its waiting period is displayed in the PendingDeletionWindowInDays
field.
valid_to: Option<DateTime>
The time at which the imported key material expires. When the key material expires, KMS deletes the key material and the KMS key becomes unusable. This value is present only for KMS keys whose Origin
is EXTERNAL
and whose ExpirationModel
is KEY_MATERIAL_EXPIRES
, otherwise this value is omitted.
origin: Option<OriginType>
The source of the key material for the KMS key. When this value is AWS_KMS
, KMS created the key material. When this value is EXTERNAL
, the key material was imported or the KMS key doesn't have any key material. When this value is AWS_CLOUDHSM
, the key material was created in the CloudHSM cluster associated with a custom key store.
custom_key_store_id: Option<String>
A unique identifier for the custom key store that contains the KMS key. This field is present only when the KMS key is created in a custom key store.
cloud_hsm_cluster_id: Option<String>
The cluster ID of the CloudHSM cluster that contains the key material for the KMS key. When you create a KMS key in an CloudHSM custom key store, KMS creates the key material for the KMS key in the associated CloudHSM cluster. This field is present only when the KMS key is created in an CloudHSM key store.
expiration_model: Option<ExpirationModelType>
Specifies whether the KMS key's key material expires. This value is present only when Origin
is EXTERNAL
, otherwise this value is omitted.
key_manager: Option<KeyManagerType>
The manager of the KMS key. KMS keys in your Amazon Web Services account are either customer managed or Amazon Web Services managed. For more information about the difference, see KMS keys in the Key Management Service Developer Guide.
customer_master_key_spec: Option<CustomerMasterKeySpec>
Instead, use the KeySpec
field.
The KeySpec
and CustomerMasterKeySpec
fields have the same value. We recommend that you use the KeySpec
field in your code. However, to avoid breaking changes, KMS supports both fields.
key_spec: Option<KeySpec>
Describes the type of key material in the KMS key.
encryption_algorithms: Option<Vec<EncryptionAlgorithmSpec>>
The encryption algorithms that the KMS key supports. You cannot use the KMS key with other encryption algorithms within KMS.
This value is present only when the KeyUsage
of the KMS key is ENCRYPT_DECRYPT
.
signing_algorithms: Option<Vec<SigningAlgorithmSpec>>
The signing algorithms that the KMS key supports. You cannot use the KMS key with other signing algorithms within KMS.
This field appears only when the KeyUsage
of the KMS key is SIGN_VERIFY
.
multi_region: Option<bool>
Indicates whether the KMS key is a multi-Region (True
) or regional (False
) key. This value is True
for multi-Region primary and replica keys and False
for regional KMS keys.
For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.
multi_region_configuration: Option<MultiRegionConfiguration>
Lists the primary and replica keys in same multi-Region key. This field is present only when the value of the MultiRegion
field is True
.
For more information about any listed KMS key, use the DescribeKey
operation.
-
MultiRegionKeyType
indicates whether the KMS key is aPRIMARY
orREPLICA
key. -
PrimaryKey
displays the key ARN and Region of the primary key. This field displays the current KMS key if it is the primary key. -
ReplicaKeys
displays the key ARNs and Regions of all replica keys. This field includes the current KMS key if it is a replica key.
pending_deletion_window_in_days: Option<i32>
The waiting period before the primary key in a multi-Region key is deleted. This waiting period begins when the last of its replica keys is deleted. This value is present only when the KeyState
of the KMS key is PendingReplicaDeletion
. That indicates that the KMS key is the primary key in a multi-Region key, it is scheduled for deletion, and it still has existing replica keys.
When a single-Region KMS key or a multi-Region replica key is scheduled for deletion, its deletion date is displayed in the DeletionDate
field. However, when the primary key in a multi-Region key is scheduled for deletion, its waiting period doesn't begin until all of its replica keys are deleted. This value displays that waiting period. When the last replica key in the multi-Region key is deleted, the KeyState
of the scheduled primary key changes from PendingReplicaDeletion
to PendingDeletion
and the deletion date appears in the DeletionDate
field.
mac_algorithms: Option<Vec<MacAlgorithmSpec>>
The message authentication code (MAC) algorithm that the HMAC KMS key supports.
This value is present only when the KeyUsage
of the KMS key is GENERATE_VERIFY_MAC
.
xks_key_configuration: Option<XksKeyConfigurationType>
Information about the external key that is associated with a KMS key in an external key store.
For more information, see External key in the Key Management Service Developer Guide.
Implementations§
source§impl KeyMetadata
impl KeyMetadata
sourcepub fn aws_account_id(&self) -> Option<&str>
pub fn aws_account_id(&self) -> Option<&str>
The twelve-digit account ID of the Amazon Web Services account that owns the KMS key.
sourcepub fn arn(&self) -> Option<&str>
pub fn arn(&self) -> Option<&str>
The Amazon Resource Name (ARN) of the KMS key. For examples, see Key Management Service (KMS) in the Example ARNs section of the Amazon Web Services General Reference.
sourcepub fn creation_date(&self) -> Option<&DateTime>
pub fn creation_date(&self) -> Option<&DateTime>
The date and time when the KMS key was created.
sourcepub fn enabled(&self) -> bool
pub fn enabled(&self) -> bool
Specifies whether the KMS key is enabled. When KeyState
is Enabled
this value is true, otherwise it is false.
sourcepub fn description(&self) -> Option<&str>
pub fn description(&self) -> Option<&str>
The description of the KMS key.
sourcepub fn key_usage(&self) -> Option<&KeyUsageType>
pub fn key_usage(&self) -> Option<&KeyUsageType>
The cryptographic operations for which you can use the KMS key.
sourcepub fn key_state(&self) -> Option<&KeyState>
pub fn key_state(&self) -> Option<&KeyState>
The current status of the KMS key.
For more information about how key state affects the use of a KMS key, see Key states of KMS keys in the Key Management Service Developer Guide.
sourcepub fn deletion_date(&self) -> Option<&DateTime>
pub fn deletion_date(&self) -> Option<&DateTime>
The date and time after which KMS deletes this KMS key. This value is present only when the KMS key is scheduled for deletion, that is, when its KeyState
is PendingDeletion
.
When the primary key in a multi-Region key is scheduled for deletion but still has replica keys, its key state is PendingReplicaDeletion
and the length of its waiting period is displayed in the PendingDeletionWindowInDays
field.
sourcepub fn valid_to(&self) -> Option<&DateTime>
pub fn valid_to(&self) -> Option<&DateTime>
The time at which the imported key material expires. When the key material expires, KMS deletes the key material and the KMS key becomes unusable. This value is present only for KMS keys whose Origin
is EXTERNAL
and whose ExpirationModel
is KEY_MATERIAL_EXPIRES
, otherwise this value is omitted.
sourcepub fn origin(&self) -> Option<&OriginType>
pub fn origin(&self) -> Option<&OriginType>
The source of the key material for the KMS key. When this value is AWS_KMS
, KMS created the key material. When this value is EXTERNAL
, the key material was imported or the KMS key doesn't have any key material. When this value is AWS_CLOUDHSM
, the key material was created in the CloudHSM cluster associated with a custom key store.
sourcepub fn custom_key_store_id(&self) -> Option<&str>
pub fn custom_key_store_id(&self) -> Option<&str>
A unique identifier for the custom key store that contains the KMS key. This field is present only when the KMS key is created in a custom key store.
sourcepub fn cloud_hsm_cluster_id(&self) -> Option<&str>
pub fn cloud_hsm_cluster_id(&self) -> Option<&str>
The cluster ID of the CloudHSM cluster that contains the key material for the KMS key. When you create a KMS key in an CloudHSM custom key store, KMS creates the key material for the KMS key in the associated CloudHSM cluster. This field is present only when the KMS key is created in an CloudHSM key store.
sourcepub fn expiration_model(&self) -> Option<&ExpirationModelType>
pub fn expiration_model(&self) -> Option<&ExpirationModelType>
Specifies whether the KMS key's key material expires. This value is present only when Origin
is EXTERNAL
, otherwise this value is omitted.
sourcepub fn key_manager(&self) -> Option<&KeyManagerType>
pub fn key_manager(&self) -> Option<&KeyManagerType>
The manager of the KMS key. KMS keys in your Amazon Web Services account are either customer managed or Amazon Web Services managed. For more information about the difference, see KMS keys in the Key Management Service Developer Guide.
sourcepub fn customer_master_key_spec(&self) -> Option<&CustomerMasterKeySpec>
👎Deprecated: This field has been deprecated. Instead, use the KeySpec field.
pub fn customer_master_key_spec(&self) -> Option<&CustomerMasterKeySpec>
Instead, use the KeySpec
field.
The KeySpec
and CustomerMasterKeySpec
fields have the same value. We recommend that you use the KeySpec
field in your code. However, to avoid breaking changes, KMS supports both fields.
sourcepub fn encryption_algorithms(&self) -> &[EncryptionAlgorithmSpec]
pub fn encryption_algorithms(&self) -> &[EncryptionAlgorithmSpec]
The encryption algorithms that the KMS key supports. You cannot use the KMS key with other encryption algorithms within KMS.
This value is present only when the KeyUsage
of the KMS key is ENCRYPT_DECRYPT
.
If no value was sent for this field, a default will be set. If you want to determine if no value was sent, use .encryption_algorithms.is_none()
.
sourcepub fn signing_algorithms(&self) -> &[SigningAlgorithmSpec]
pub fn signing_algorithms(&self) -> &[SigningAlgorithmSpec]
The signing algorithms that the KMS key supports. You cannot use the KMS key with other signing algorithms within KMS.
This field appears only when the KeyUsage
of the KMS key is SIGN_VERIFY
.
If no value was sent for this field, a default will be set. If you want to determine if no value was sent, use .signing_algorithms.is_none()
.
sourcepub fn multi_region(&self) -> Option<bool>
pub fn multi_region(&self) -> Option<bool>
Indicates whether the KMS key is a multi-Region (True
) or regional (False
) key. This value is True
for multi-Region primary and replica keys and False
for regional KMS keys.
For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.
sourcepub fn multi_region_configuration(&self) -> Option<&MultiRegionConfiguration>
pub fn multi_region_configuration(&self) -> Option<&MultiRegionConfiguration>
Lists the primary and replica keys in same multi-Region key. This field is present only when the value of the MultiRegion
field is True
.
For more information about any listed KMS key, use the DescribeKey
operation.
-
MultiRegionKeyType
indicates whether the KMS key is aPRIMARY
orREPLICA
key. -
PrimaryKey
displays the key ARN and Region of the primary key. This field displays the current KMS key if it is the primary key. -
ReplicaKeys
displays the key ARNs and Regions of all replica keys. This field includes the current KMS key if it is a replica key.
sourcepub fn pending_deletion_window_in_days(&self) -> Option<i32>
pub fn pending_deletion_window_in_days(&self) -> Option<i32>
The waiting period before the primary key in a multi-Region key is deleted. This waiting period begins when the last of its replica keys is deleted. This value is present only when the KeyState
of the KMS key is PendingReplicaDeletion
. That indicates that the KMS key is the primary key in a multi-Region key, it is scheduled for deletion, and it still has existing replica keys.
When a single-Region KMS key or a multi-Region replica key is scheduled for deletion, its deletion date is displayed in the DeletionDate
field. However, when the primary key in a multi-Region key is scheduled for deletion, its waiting period doesn't begin until all of its replica keys are deleted. This value displays that waiting period. When the last replica key in the multi-Region key is deleted, the KeyState
of the scheduled primary key changes from PendingReplicaDeletion
to PendingDeletion
and the deletion date appears in the DeletionDate
field.
sourcepub fn mac_algorithms(&self) -> &[MacAlgorithmSpec]
pub fn mac_algorithms(&self) -> &[MacAlgorithmSpec]
The message authentication code (MAC) algorithm that the HMAC KMS key supports.
This value is present only when the KeyUsage
of the KMS key is GENERATE_VERIFY_MAC
.
If no value was sent for this field, a default will be set. If you want to determine if no value was sent, use .mac_algorithms.is_none()
.
sourcepub fn xks_key_configuration(&self) -> Option<&XksKeyConfigurationType>
pub fn xks_key_configuration(&self) -> Option<&XksKeyConfigurationType>
Information about the external key that is associated with a KMS key in an external key store.
For more information, see External key in the Key Management Service Developer Guide.
source§impl KeyMetadata
impl KeyMetadata
sourcepub fn builder() -> KeyMetadataBuilder
pub fn builder() -> KeyMetadataBuilder
Creates a new builder-style object to manufacture KeyMetadata
.
Trait Implementations§
source§impl Clone for KeyMetadata
impl Clone for KeyMetadata
source§fn clone(&self) -> KeyMetadata
fn clone(&self) -> KeyMetadata
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read moresource§impl Debug for KeyMetadata
impl Debug for KeyMetadata
source§impl PartialEq for KeyMetadata
impl PartialEq for KeyMetadata
source§fn eq(&self, other: &KeyMetadata) -> bool
fn eq(&self, other: &KeyMetadata) -> bool
self
and other
values to be equal, and is used
by ==
.