Class KeyProps
Construction properties for a KMS Key object.
Inheritance
Implements
Namespace: Amazon.CDK.AWS.KMS
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class KeyProps : Object, IKeyProps
Syntax (vb)
Public Class KeyProps
Inherits Object
Implements IKeyProps
Examples
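using Amazon.CDK.AWS.CodePipeline;
using Amazon.CDK.AWS.CodePipeline.Actions;
using Amazon.CDK.AWS.KMS;
using Amazon.CDK.AWS.S3;

// Fragment: runs inside a Stack or Construct, where "this" is the scope.
// The .NET binding names the CodePipeline artifact class Artifact_.
var sourceOutput = new Artifact_();
var targetBucket = new Bucket(this, "MyBucket");

// Customer managed key; every property other than Description keeps its default.
var key = new Key(this, "EnvVarEncryptKey", new KeyProps {
    Description = "sample key"
});

var pipeline = new Pipeline(this, "MyPipeline");

// Objects written by the deploy action are encrypted with the key above.
var deployAction = new S3DeployAction(new S3DeployActionProps {
    ActionName = "S3Deploy",
    Bucket = targetBucket,
    Input = sourceOutput,
    EncryptionKey = key
});
var deployStage = pipeline.AddStage(new StageOptions {
    StageName = "Deploy",
    Actions = new [] { deployAction }
});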
Synopsis
Constructors
KeyProps() |
Properties
Admins | A list of principals to add as key administrators to the key policy. |
Alias | Initial alias to add to the key. |
Description | A description of the key. |
Enabled | Indicates whether the key is available for use. |
EnableKeyRotation | Indicates whether AWS KMS rotates the key. |
KeySpec | The cryptographic configuration of the key. The valid value depends on usage of the key. |
KeyUsage | The cryptographic operations for which the key can be used. |
PendingWindow | Specifies the number of days in the waiting period before AWS KMS deletes a CMK that has been removed from a CloudFormation stack. |
Policy | Custom policy document to attach to the KMS key. |
RemovalPolicy | Whether the encryption key should be retained when it is removed from the Stack. |
RotationPeriod | The period between each automatic rotation. |
Constructors
KeyProps()
public KeyProps()
Properties
Admins
A list of principals to add as key administrators to the key policy.
public IPrincipal[] Admins { get; set; }
Property Value
Remarks
Key administrators have permissions to manage the key (e.g., change permissions, revoke), but do not have permissions to use the key in cryptographic operations (e.g., encrypt, decrypt).
These principals will be added to the default key policy (if none specified), or to the specified policy (if provided).
Default: []
Alias
Initial alias to add to the key.
public string Alias { get; set; }
Property Value
System.String
Remarks
More aliases can be added later by calling addAlias.
Default: - No alias is added for the key.
Description
A description of the key.
public string Description { get; set; }
Property Value
System.String
Remarks
Use a description that helps your users decide whether the key is appropriate for a particular task.
Default: - No description.
Enabled
Indicates whether the key is available for use.
public Nullable<bool> Enabled { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
Default: - Key is enabled.
EnableKeyRotation
Indicates whether AWS KMS rotates the key.
public Nullable<bool> EnableKeyRotation { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
Default: false
KeySpec
The cryptographic configuration of the key. The valid value depends on usage of the key.
public Nullable<KeySpec> KeySpec { get; set; }
Property Value
System.Nullable<KeySpec>
Remarks
IMPORTANT: If you change this property of an existing key, the existing key is scheduled for deletion and a new key is created with the specified value.
Default: KeySpec.SYMMETRIC_DEFAULT
KeyUsage
The cryptographic operations for which the key can be used.
public Nullable<KeyUsage> KeyUsage { get; set; }
Property Value
System.Nullable<KeyUsage>
Remarks
IMPORTANT: If you change this property of an existing key, the existing key is scheduled for deletion and a new key is created with the specified value.
Default: KeyUsage.ENCRYPT_DECRYPT
PendingWindow
Specifies the number of days in the waiting period before AWS KMS deletes a CMK that has been removed from a CloudFormation stack.
public Duration PendingWindow { get; set; }
Property Value
Remarks
When you remove a customer master key (CMK) from a CloudFormation stack, AWS KMS schedules the CMK for deletion and starts the mandatory waiting period. The PendingWindowInDays property determines the length of the waiting period. During the waiting period, the key state of the CMK is Pending Deletion, which prevents the CMK from being used in cryptographic operations. When the waiting period expires, AWS KMS permanently deletes the CMK.
Enter a value between 7 and 30 days.
Default: - 30 days
Policy
Custom policy document to attach to the KMS key.
public PolicyDocument Policy { get; set; }
Property Value
Remarks
NOTE - If the @aws-cdk/aws-kms:defaultKeyPolicies feature flag is set (the default for new projects), this policy will override the default key policy and become the only key policy for the key. If the feature flag is not set, this policy will be appended to the default key policy.
Default: - A policy document with permissions for the account root to administer the key will be created.
RemovalPolicy
Whether the encryption key should be retained when it is removed from the Stack.
public Nullable<RemovalPolicy> RemovalPolicy { get; set; }
Property Value
System.Nullable<RemovalPolicy>
Remarks
This is useful when one wants to retain access to data that was encrypted with a key that is being retired.
Default: RemovalPolicy.Retain
RotationPeriod
The period between each automatic rotation.
public Duration RotationPeriod { get; set; }
Property Value
Remarks
Default: - set by CFN to 365 days.
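A configuration that sets the security-relevant properties documented above instead of relying on their defaults, with key administration separated from key use. This is an added example, not part of the CDK reference; the stack name, role names and alias are constructed placeholders.

```csharp
using Amazon.CDK;
using Amazon.CDK.AWS.IAM;
using Amazon.CDK.AWS.KMS;
using Constructs;

// Hypothetical stack; role names and the alias are constructed placeholders.
public class HardenedKeyStack : Stack
{
    public HardenedKeyStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        // Existing roles, looked up by name (assumed to exist in the account).
        // The admin role manages the key; the app role uses it.
        var keyAdmin = Role.FromRoleName(this, "KeyAdminRole", "example-kms-admin");
        var appRole = Role.FromRoleName(this, "AppRole", "example-app-role");

        var key = new Key(this, "DataKey", new KeyProps {
            Alias = "alias/example-data-key",
            Description = "Encrypts example application data",
            // Admins can manage the key but get no encrypt/decrypt permissions.
            Admins = new IPrincipal[] { keyAdmin },
            // Changing KeySpec or KeyUsage later replaces the key, so pin them.
            KeySpec = KeySpec.SYMMETRIC_DEFAULT,
            KeyUsage = KeyUsage.ENCRYPT_DECRYPT,
            // Rotation is off by default; enable it explicitly.
            EnableKeyRotation = true,
            RotationPeriod = Duration.Days(180),
            // Longest allowed waiting period (7 to 30 days) before deletion.
            PendingWindow = Duration.Days(30),
            // Keep the key if it is removed from the stack, so data
            // encrypted under it stays readable.
            RemovalPolicy = RemovalPolicy.RETAIN
        });

        // Cryptographic use is granted separately from administration.
        key.GrantEncryptDecrypt(appRole);
    }
}
```

No custom Policy is supplied here, so the default key policy applies and the Admins entries are added to it.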