DeleteKey
Deletes the key material and metadata associated with AWS Payment Cryptography key.
Key deletion is irreversible. After a key is deleted, you can't perform cryptographic operations using the key. For example, you can't decrypt data that was encrypted by a deleted AWS Payment Cryptography key, and the data may become unrecoverable. Because key deletion is destructive, AWS Payment Cryptography has a safety mechanism to prevent accidental deletion of a key. When you call this operation, AWS Payment Cryptography disables the specified key but doesn't delete it until after a waiting period set using DeleteKeyInDays
. The default waiting period is 7 days. During the waiting period, the KeyState
is DELETE_PENDING
. After the key is deleted, the KeyState
is DELETE_COMPLETE
.
You should delete a key only when you are sure that you don't need to use it anymore and no other parties are utilizing this key. If you aren't sure, consider deactivating it instead by calling StopKeyUsage.
Cross-account use: This operation can't be used across different AWS accounts.
Related operations:
Request Syntax
{
"DeleteKeyInDays": number
,
"KeyIdentifier": "string
"
}
Request Parameters
The request accepts the following data in JSON format.
- DeleteKeyInDays
-
The waiting period for key deletion. The default value is seven days.
Type: Integer
Valid Range: Minimum value of 3. Maximum value of 180.
Required: No
- KeyIdentifier
-
The
KeyARN
of the key that is scheduled for deletion.Type: String
Length Constraints: Minimum length of 7. Maximum length of 322.
Pattern:
arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+
Required: Yes
Response Syntax
{
"Key": {
"CreateTimestamp": number,
"DeletePendingTimestamp": number,
"DeleteTimestamp": number,
"Enabled": boolean,
"Exportable": boolean,
"KeyArn": "string",
"KeyAttributes": {
"KeyAlgorithm": "string",
"KeyClass": "string",
"KeyModesOfUse": {
"Decrypt": boolean,
"DeriveKey": boolean,
"Encrypt": boolean,
"Generate": boolean,
"NoRestrictions": boolean,
"Sign": boolean,
"Unwrap": boolean,
"Verify": boolean,
"Wrap": boolean
},
"KeyUsage": "string"
},
"KeyCheckValue": "string",
"KeyCheckValueAlgorithm": "string",
"KeyOrigin": "string",
"KeyState": "string",
"UsageStartTimestamp": number,
"UsageStopTimestamp": number
}
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Errors
- AccessDeniedException
-
You do not have sufficient access to perform this action.
HTTP Status Code: 400
- ConflictException
-
This request can cause an inconsistent state for the resource.
HTTP Status Code: 400
- InternalServerException
-
The request processing has failed because of an unknown error, exception, or failure.
HTTP Status Code: 500
- ResourceNotFoundException
-
The request was denied due to an invalid resource error.
HTTP Status Code: 400
- ServiceUnavailableException
-
The service cannot complete the request.
HTTP Status Code: 500
- ThrottlingException
-
The request was denied due to request throttling.
HTTP Status Code: 400
- ValidationException
-
The request was denied due to an invalid request error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: