AWS::ACMPCA::Certificate KeyUsage
Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "CRLSign" :
Boolean
, "DataEncipherment" :Boolean
, "DecipherOnly" :Boolean
, "DigitalSignature" :Boolean
, "EncipherOnly" :Boolean
, "KeyAgreement" :Boolean
, "KeyCertSign" :Boolean
, "KeyEncipherment" :Boolean
, "NonRepudiation" :Boolean
}
YAML
CRLSign:
Boolean
DataEncipherment:Boolean
DecipherOnly:Boolean
DigitalSignature:Boolean
EncipherOnly:Boolean
KeyAgreement:Boolean
KeyCertSign:Boolean
KeyEncipherment:Boolean
NonRepudiation:Boolean
Properties
CRLSign
-
Key can be used to sign CRLs.
Required: No
Type: Boolean
Update requires: Replacement
DataEncipherment
-
Key can be used to decipher data.
Required: No
Type: Boolean
Update requires: Replacement
DecipherOnly
-
Key can be used only to decipher data.
Required: No
Type: Boolean
Update requires: Replacement
DigitalSignature
-
Key can be used for digital signing.
Required: No
Type: Boolean
Update requires: Replacement
EncipherOnly
-
Key can be used only to encipher data.
Required: No
Type: Boolean
Update requires: Replacement
KeyAgreement
-
Key can be used in a key-agreement protocol.
Required: No
Type: Boolean
Update requires: Replacement
KeyCertSign
-
Key can be used to sign certificates.
Required: No
Type: Boolean
Update requires: Replacement
KeyEncipherment
-
Key can be used to encipher data.
Required: No
Type: Boolean
Update requires: Replacement
NonRepudiation
-
Key can be used for non-repudiation.
Required: No
Type: Boolean
Update requires: Replacement