class Aws::KMS::Types::ImportKeyMaterialRequest
@see docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ImportKeyMaterialRequest AWS API Documentation
@return [String]
ListKeyRotations.
To get the list of key material IDs associated with a KMS key, use
KMS key
* Verifies that the key material ID is already associated with the
ID
* Matches the computed identifier against the specified key material
* Computes the identifier for the key material
you re-import key material with a specified key material ID, KMS:
material based on the KMS key ID and the imported key material. When
symmetric encryption key, KMS assigns a unique identifier to the key
`NEW_KEY_MATERIAL`. Whenever you import key material into a
specify a key material ID with ‘ImportType` set to
optional and only usable with symmetric encryption keys. You cannot
Identifies the key material being imported. This parameter is
@!attribute [rw] key_material_id
@return [String]
key.
specified when you last imported the same key material into this KMS
not specify a key material description, KMS retains the value you
optional and only usable with symmetric encryption keys. If you do
Description for the key material being imported. This parameter is
@!attribute [rw] key_material_description
@return [String]
parameter defaults to `EXISTING_KEY_MATERIAL`.
material is imported, if this parameter is omitted then the
the parameter defaults to `NEW_KEY_MATERIAL`. After the first key
ever been imported into the KMS key, and this parameter is omitted,
only usable with symmetric encryption keys. If no key material has
associated with this KMS key or not. This parameter is optional and
Indicates whether the key material being imported is previously
@!attribute [rw] import_type
@return [String]<br>: docs.aws.amazon.com/kms/latest/developerguide/importing-keys-import-key-material.html#importing-keys-expiration<br><br><br><br>you must reimport the key material.
current import after the request completes. To change either value,
You cannot change the `ExpirationModel` or `ValidTo` values for the
parameter.
`KEY_MATERIAL_DOES_NOT_EXPIRE`, you must omit the `ValidTo`
must specify a value for the `ValidTo` parameter. When value is
When the value of `ExpirationModel` is `KEY_MATERIAL_EXPIRES`, you
expiration time] in the *Key Management Service Developer Guide*.
`KEY_MATERIAL_EXPIRES`. For help with this choice, see [Setting an
Specifies whether the key material expires. The default is
@!attribute [rw] expiration_model
@return [Time]
material.
you must delete (DeleteImportedKeyMaterial) and reimport the key
current import after the request completes. To change either value,
You cannot change the `ExpirationModel` or `ValidTo` values for the
key material.
the KMS key in cryptographic operations, you must reimport the same
KMS key. Without its key material, the KMS key is unusable. To use
When the key material expires, KMS deletes the key material from the
maximum value is 365 days from the request date.
The value of this parameter must be a future date and time. The
parameter is `KEY_MATERIAL_EXPIRES`. Otherwise it is not valid.
parameter is required when the value of the `ExpirationModel`
The date and time when the imported key material expires. This
@!attribute [rw] valid_to
@return [String]
same `GetParametersForImport` request.
returned, using the wrapping algorithm that you specified in the
encrypted under the public wrapping key that GetParametersForImport
The encrypted key material to import. The key material must be
@!attribute [rw] encrypted_key_material
@return [String]
material.
that contained the public key that you used to encrypt the key
GetParametersForImport request. It must be from the same response
The import token that you received in the response to a previous
@!attribute [rw] import_token
@return [String]<br>: docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html<br><br><br><br>DescribeKey.
To get the key ID and key ARN for a KMS key, use ListKeys or
`arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
* Key ARN:
* Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
For example:
Specify the key ID or key ARN of the KMS key.
KMS key in a different Amazon Web Services account.
perform this operation on a KMS key in a custom key store, or on a
including a [multi-Region key] of any supported type. You cannot
asymmetric encryption KMS key, or asymmetric signing KMS key,
The KMS key can be a symmetric encryption KMS key, HMAC KMS key,
`KeyState` must be `PendingImport`.
request. The `Origin` of the KMS key must be `EXTERNAL` and its
the `KeyID` parameter of the corresponding GetParametersForImport
imported key material. This must be the same KMS key specified in
The identifier of the KMS key that will be associated with the
@!attribute [rw] key_id