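/**
 * Schedules an AWS KMS key for deletion asynchronously.
 *
 * <p><strong>Warning:</strong> Deleting a KMS key is a destructive and potentially dangerous operation.
 * When a KMS key is deleted, all data that was encrypted under the KMS key becomes unrecoverable.
 * This means that any files, databases, or other data that were encrypted using the deleted KMS key
 * will become permanently inaccessible. Exercise extreme caution when deleting KMS keys.</p>
 *
 * <p>The key is not removed by this call. The request only schedules deletion with a fixed
 * 7-day pending window, which is the shortest waiting period KMS accepts (the service allows
 * 7 to 30 days). While the window is open the scheduled deletion can still be cancelled, so
 * this is the last point at which a mistaken request can be undone. Confirm that nothing still
 * depends on the key before calling this method, and treat the pending window as a review
 * period rather than a formality.</p>
 *
 * @param keyId the ID of the KMS key to delete
 * @return a {@link CompletableFuture} that completes when the key deletion is scheduled; if the
 *         request fails, the future completes exceptionally with a {@link RuntimeException}
 *         that names the key ID and keeps the original failure as its cause
 */
public CompletableFuture<Void> deleteKeyAsync(String keyId) {
    // One definition of the waiting period, so the request and the log line cannot drift apart.
    final int pendingWindowInDays = 7;

    ScheduleKeyDeletionRequest deletionRequest = ScheduleKeyDeletionRequest.builder()
        .keyId(keyId)
        .pendingWindowInDays(pendingWindowInDays)
        .build();

    return getAsyncClient().scheduleKeyDeletion(deletionRequest)
        // Logged only after the service accepted the request; this is the audit trail for the action.
        .thenRun(() -> logger.info("Key {} will be deleted in {} days", keyId, pendingWindowInDays))
        .exceptionally(throwable -> {
            // Re-throw with the key ID attached so a failed deletion is never silently dropped.
            throw new RuntimeException("Failed to schedule key deletion for key ID: " + keyId, throwable);
        });
}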
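class KeyManager:
    """
    Wraps a KMS client and exposes key-management operations.

    Only key deletion is implemented in the visible part of the class.
    """

    def __init__(self, kms_client):
        """
        :param kms_client: A Boto3 KMS client.
        """
        self.kms_client = kms_client
        # Starts empty; nothing in the visible code adds to or removes from this list.
        self.created_keys = []

    @classmethod
    def from_client(cls) -> "KeyManager":
        """
        Creates a KeyManager instance with a default KMS client.

        The client comes from ``boto3.client("kms")``, so it uses whatever credentials
        and Region Boto3 resolves from the environment. Check that this identity is the
        one that should be allowed to schedule key deletion.

        :return: An instance of KeyManager initialized with the default KMS client.
        """
        kms_client = boto3.client("kms")
        return cls(kms_client)

    def delete_key(self, key_id: str, window: int) -> None:
        """
        Schedules a single KMS key for deletion.

        Warning:
            Deleting a KMS key is a destructive and potentially dangerous operation.
            When a KMS key is deleted, all data that was encrypted under the KMS key
            is unrecoverable.

        The key is not deleted immediately. It stays pending deletion for ``window``
        days, and the deletion can still be cancelled during that time. KMS accepts
        waiting periods of 7 to 30 days. A value outside that range is not checked
        here and is presumably rejected by the service as a ``ClientError``.

        :param key_id: The ARN or ID of the key to delete.
        :param window: The waiting period, in days, before the KMS key is deleted.
        :raises ClientError: If the service rejects the request. The error is logged
            and then re-raised unchanged so the caller sees the failure.
        """
        try:
            self.kms_client.schedule_key_deletion(
                KeyId=key_id, PendingWindowInDays=window
            )
        except ClientError as err:
            logging.error(
                "Couldn't delete key %s. Here's why: %s",
                key_id,
                err.response["Error"]["Message"],
            )
            # Never swallow a failed deletion request: the caller must know the key is still live.
            raise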