Class CfnKey
- All Implemented Interfaces:
IInspectable
,ITaggableV2
,software.amazon.jsii.JsiiSerializable
,software.constructs.IConstruct
,software.constructs.IDependable
You use keys for cryptographic functions such as encryption and decryption.
In addition to the key material used in cryptographic operations, an AWS Payment Cryptography key includes metadata such as the key ARN, key usage, key origin, creation date, description, and key state.
When you create a key, you specify both immutable and mutable data about the key. The immutable data contains key attributes that define the scope and cryptographic operations that you can perform using the key, for example key class (example: SYMMETRIC_KEY
), key algorithm (example: TDES_2KEY
), key usage (example: TR31_P0_PIN_ENCRYPTION_KEY
) and key modes of use (example: Encrypt
). For information about valid combinations of key attributes, see Understanding key attributes in the AWS Payment Cryptography User Guide . The mutable data contained within a key includes usage timestamp and key deletion timestamp and can be modified after creation.
AWS Payment Cryptography binds key attributes to keys using key blocks when you store or export them. AWS Payment Cryptography stores the key contents wrapped and never stores or transmits them in the clear.
Cross-account use : This operation can't be used across different AWS accounts.
Related operations:
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import software.amazon.awscdk.services.paymentcryptography.*; CfnKey cfnKey = CfnKey.Builder.create(this, "MyCfnKey") .exportable(false) .keyAttributes(KeyAttributesProperty.builder() .keyAlgorithm("keyAlgorithm") .keyClass("keyClass") .keyModesOfUse(KeyModesOfUseProperty.builder() .decrypt(false) .deriveKey(false) .encrypt(false) .generate(false) .noRestrictions(false) .sign(false) .unwrap(false) .verify(false) .wrap(false) .build()) .keyUsage("keyUsage") .build()) // the properties below are optional .enabled(false) .keyCheckValueAlgorithm("keyCheckValueAlgorithm") .tags(List.of(CfnTag.builder() .key("key") .value("value") .build())) .build();
- See Also:
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic final class
A fluent builder forCfnKey
.static interface
The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.static interface
The list of cryptographic operations that you can perform using the key.Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationMode
Nested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$Default
Nested classes/interfaces inherited from interface software.amazon.awscdk.IInspectable
IInspectable.Jsii$Default, IInspectable.Jsii$Proxy
Nested classes/interfaces inherited from interface software.amazon.awscdk.ITaggableV2
ITaggableV2.Jsii$Default, ITaggableV2.Jsii$Proxy
-
Field Summary
Modifier and TypeFieldDescriptionstatic final String
The CloudFormation resource type name for this resource class. -
Constructor Summary
ModifierConstructorDescriptionprotected
CfnKey
(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) protected
CfnKey
(software.amazon.jsii.JsiiObjectRef objRef) CfnKey
(software.constructs.Construct scope, String id, CfnKeyProps props) -
Method Summary
Modifier and TypeMethodDescriptionThe source of the key material.The state of key that is being created or deleted.Tag Manager which manages the tags for this resource.Specifies whether the key is enabled.Specifies whether the key is exportable.The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).getTags()
void
inspect
(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.renderProperties
(Map<String, Object> props) void
setEnabled
(Boolean value) Specifies whether the key is enabled.void
setEnabled
(IResolvable value) Specifies whether the key is enabled.void
setExportable
(Boolean value) Specifies whether the key is exportable.void
setExportable
(IResolvable value) Specifies whether the key is exportable.void
setKeyAttributes
(IResolvable value) The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.void
The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.void
setKeyCheckValueAlgorithm
(String value) The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).void
Methods inherited from class software.amazon.awscdk.CfnResource
addDeletionOverride, addDependency, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, getUpdatedProperties, isCfnResource, obtainDependencies, obtainResourceDependencies, removeDependency, replaceDependency, shouldSynthesize, toString, validateProperties
Methods inherited from class software.amazon.awscdk.CfnRefElement
getRef
Methods inherited from class software.amazon.awscdk.CfnElement
getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId
Methods inherited from class software.constructs.Construct
getNode, isConstruct
Methods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Field Details
-
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
-
-
Constructor Details
-
CfnKey
protected CfnKey(software.amazon.jsii.JsiiObjectRef objRef) -
CfnKey
protected CfnKey(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) -
CfnKey
@Stability(Stable) public CfnKey(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull CfnKeyProps props) - Parameters:
scope
- Scope in which this resource is defined. This parameter is required.id
- Construct identifier for this resource (unique in its scope). This parameter is required.props
- Resource properties. This parameter is required.
-
-
Method Details
-
inspect
Examines the CloudFormation resource and discloses attributes.- Specified by:
inspect
in interfaceIInspectable
- Parameters:
inspector
- tree inspector to collect and process attributes. This parameter is required.
-
renderProperties
@Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String, Object> props) - Overrides:
renderProperties
in classCfnResource
- Parameters:
props
- This parameter is required.
-
getAttrKeyIdentifier
-
getAttrKeyOrigin
The source of the key material.For keys created within AWS Payment Cryptography, the value is
AWS_PAYMENT_CRYPTOGRAPHY
. For keys imported into AWS Payment Cryptography, the value isEXTERNAL
. -
getAttrKeyState
The state of key that is being created or deleted. -
getCdkTagManager
Tag Manager which manages the tags for this resource.- Specified by:
getCdkTagManager
in interfaceITaggableV2
-
getCfnProperties
- Overrides:
getCfnProperties
in classCfnResource
-
getExportable
Specifies whether the key is exportable. -
setExportable
Specifies whether the key is exportable. -
setExportable
Specifies whether the key is exportable. -
getKeyAttributes
The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. -
setKeyAttributes
The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. -
setKeyAttributes
The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. -
getEnabled
Specifies whether the key is enabled. -
setEnabled
Specifies whether the key is enabled. -
setEnabled
Specifies whether the key is enabled. -
getKeyCheckValueAlgorithm
The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV). -
setKeyCheckValueAlgorithm
The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV). -
getTags
-
setTags
-