/* * Copyright 2010-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). * You may not use this file except in compliance with the License. * A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. This file is distributed * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ package com.amazonaws.services.kms.model; import java.io.Serializable; import com.amazonaws.AmazonWebServiceRequest; /** *

* Creates a custom key store backed by a key store that you own and manage. When you * use a KMS key in a custom key store for a cryptographic operation, the * cryptographic operation is actually performed in your key store using your * keys. KMS supports CloudHSM key stores backed by a CloudHSM cluster and external key stores backed by an external key store proxy and external * key manager outside of Amazon Web Services. *

*

* This operation is part of the custom key stores feature in KMS, which combines the convenience and * extensive integration of KMS with the isolation and control of a key store * that you own and manage. *

*

* Before you create the custom key store, the required elements must be in * place and operational. We recommend that you use the test tools that KMS * provides to verify the configuration of your external key store proxy. For * details about the required elements and verification tests, see Assemble the prerequisites (for CloudHSM key stores) or Assemble the prerequisites (for external key stores) in the Key * Management Service Developer Guide. *

*

* To create a custom key store, use the following parameters. *

* * *

* For external key stores: *

*

* Some external key managers provide a simpler method for creating an external * key store. For details, see your external key manager documentation. *

*

* When creating an external key store in the KMS console, you can upload a * JSON-based proxy configuration file with the desired values. You cannot use a * proxy configuration with the CreateCustomKeyStore operation. * However, you can use the values in the file to help you determine the correct * values for the CreateCustomKeyStore parameters. *

*
*

* When the operation completes successfully, it returns the ID of the new * custom key store. Before you can use your new custom key store, you need to * use the ConnectCustomKeyStore operation to connect a new CloudHSM key * store to its CloudHSM cluster, or to connect a new external key store to the * external key store proxy for your external key manager. Even if you are not * going to use your custom key store immediately, you might want to connect it * to verify that all settings are correct and then disconnect it until you are * ready to use it. *

*

* For help with failures, see Troubleshooting a custom key store in the Key Management Service * Developer Guide. *

*

* Cross-account use: No. You cannot perform this operation on a custom * key store in a different Amazon Web Services account. *

*

* Required permissions: kms:CreateCustomKeyStore (IAM policy). *

*

* Related operations: *

* */ public class CreateCustomKeyStoreRequest extends AmazonWebServiceRequest implements Serializable { /** *

* Specifies a friendly name for the custom key store. The name must be * unique in your Amazon Web Services account and Region. This parameter is * required for all custom key stores. *

* *

* Do not include confidential or sensitive information in this field. This * field may be displayed in plaintext in CloudTrail logs and other output. *

*
*

* Constraints:
* Length: 1 - 256
*/
// Stored exactly as supplied; the 1-256 length limit documented above is not enforced
// at this declaration. The Javadoc warns that the name can appear in plaintext in
// CloudTrail logs, so it must not carry secrets.
private String customKeyStoreName;

/** *

* Identifies the CloudHSM cluster for an CloudHSM key store. This parameter * is required for custom key stores with CustomKeyStoreType of * AWS_CLOUDHSM. *

*

* Enter the cluster ID of any active CloudHSM cluster that is not already * associated with a custom key store. To find the cluster ID, use the DescribeClusters operation. *

*

* Constraints:
* Length: 19 - 24
* Pattern: cluster-[2-7a-zA-Z]{11,16}
*/
// Plain String holder; the documented pattern cluster-[2-7a-zA-Z]{11,16} is not applied
// at this declaration.
private String cloudHsmClusterId;

/** *

* Specifies the certificate for an CloudHSM key store. This parameter is * required for custom key stores with a CustomKeyStoreType of * AWS_CLOUDHSM. *

*

* Enter the content of the trust anchor certificate for the CloudHSM * cluster. This is the content of the customerCA.crt file that * you created when you initialized the cluster. *

*

* Constraints:
* Length: 1 - 5000
*/
// Certificate content kept as an unparsed String; nothing at this declaration checks
// that it is a well-formed certificate or within the documented 1-5000 length.
private String trustAnchorCertificate;

/** *

* Specifies the kmsuser password for an CloudHSM key store. * This parameter is required for custom key stores with a * CustomKeyStoreType of AWS_CLOUDHSM. *

*

* Enter the password of the kmsuser crypto user (CU) account in the specified * CloudHSM cluster. KMS logs into the cluster as this user to manage key * material on your behalf. *

*

* The password must be a string of 7 to 32 characters. Its value is case * sensitive. *

*

* This parameter tells KMS the kmsuser account password; it * does not change the password in the CloudHSM cluster. *

*

* Constraints:
* Length: 7 - 32
*/
// NOTE(review): the kmsuser password is held as an ordinary String, so it cannot be
// zeroed after use. The enclosing class is declared Serializable and this field is
// not marked transient, so default Java serialization of a request would presumably
// carry the password as well - confirm before persisting, caching or logging
// request objects.
private String keyStorePassword;

/** *

* Specifies the type of custom key store. The default value is * AWS_CLOUDHSM. *

*

* For a custom key store backed by an CloudHSM cluster, omit the parameter * or enter AWS_CLOUDHSM. For a custom key store backed by an * external key manager outside of Amazon Web Services, enter * EXTERNAL_KEY_STORE. You cannot change this property after * the key store is created. *

*

* Constraints:
* Allowed Values: AWS_CLOUDHSM, EXTERNAL_KEY_STORE */
// Kept as a String rather than as the CustomKeyStoreType enum, so any text can be
// stored here through the String-typed accessors.
private String customKeyStoreType;

/** *

* Specifies the endpoint that KMS uses to send requests to the external key * store proxy (XKS proxy). This parameter is required for custom key stores * with a CustomKeyStoreType of EXTERNAL_KEY_STORE. *

*

* The protocol must be HTTPS. KMS communicates on port 443. Do not specify * the port in the XksProxyUriEndpoint value. *

*

* For external key stores with XksProxyConnectivity value of * VPC_ENDPOINT_SERVICE, specify https:// followed * by the private DNS name of the VPC endpoint service. *

*

* For external key stores with PUBLIC_ENDPOINT connectivity, * this endpoint must be reachable before you create the custom key store. * KMS connects to the external key store proxy while creating the custom * key store. For external key stores with VPC_ENDPOINT_SERVICE * connectivity, KMS connects when you call the ConnectCustomKeyStore * operation. *

*

* The value of this parameter must begin with https://. The * remainder can contain upper and lower case letters (A-Z and a-z), numbers * (0-9), dots (.), and hyphens (-). Additional * slashes (/ and \) are not permitted. *

*

* Uniqueness requirements: *

* *

* Constraints:
* Length: 10 - 128
* Pattern: ^https://[a-zA-Z0-9.-]+$
*/
// Plain String holder; the https-only pattern ^https://[a-zA-Z0-9.-]+$ documented above
// is not applied at this declaration.
private String xksProxyUriEndpoint;

/** *

* Specifies the base path to the proxy APIs for this external key store. To * find this value, see the documentation for your external key store proxy. * This parameter is required for all custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE. *

*

* The value must start with / and must end with * /kms/xks/v1 where v1 represents the version of * the KMS external key store proxy API. This path can include an optional * prefix between the required elements such as * /prefix/kms/xks/v1. *

*

* Uniqueness requirements: *

* *

* Constraints:
* Length: 10 - 128
* Pattern: * ^(/[a-zA-Z0-9\/_-]+/kms/xks/v\d{1,2})$|^(/kms/xks/v\d{1,2})$
*/
// Plain String holder; the path pattern documented above is not applied at this
// declaration (the accessors are outside the part of the file reviewed here).
private String xksProxyUriPath;

/** *

* Specifies the name of the Amazon VPC endpoint service for interface * endpoints that is used to communicate with your external key store proxy * (XKS proxy). This parameter is required when the value of * CustomKeyStoreType is EXTERNAL_KEY_STORE and * the value of XksProxyConnectivity is * VPC_ENDPOINT_SERVICE. *

*

* The Amazon VPC endpoint service must fulfill all requirements for use with an external key store. *

*

* Uniqueness requirements: *

* *

* Constraints:
* Length: 20 - 64
* Pattern: * ^com\.amazonaws\.vpce\.([a-z]+-){2,3}\d+\.vpce-svc-[0-9a-z]+$
*/
// Plain String holder; the service-name pattern documented above is not applied at this
// declaration (the accessors are outside the part of the file reviewed here).
private String xksProxyVpcEndpointServiceName;

/** *

* Specifies an authentication credential for the external key store proxy * (XKS proxy). This parameter is required for all custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE. *

*

* The XksProxyAuthenticationCredential has two required * elements: RawSecretAccessKey, a secret key, and * AccessKeyId, a unique identifier for the * RawSecretAccessKey. For character requirements, see XksProxyAuthenticationCredentialType. *

*

* KMS uses this authentication credential to sign requests to the external * key store proxy on your behalf. This credential is unrelated to Identity * and Access Management (IAM) and Amazon Web Services credentials. *

*

* This parameter doesn't set or change the authentication credentials on * the XKS proxy. It just tells KMS the credential that you established on * your external key store proxy. If you rotate your proxy authentication * credential, use the UpdateCustomKeyStore operation to provide the * new credential to KMS. *

*/
// NOTE(review): per the Javadoc above this object carries RawSecretAccessKey, the secret
// KMS uses to sign requests to the proxy. The field is not transient in a class declared
// Serializable; whether the secret travels with a serialized request depends on
// XksProxyAuthenticationCredentialType, which is not visible here - confirm before
// persisting or logging request objects.
private XksProxyAuthenticationCredentialType xksProxyAuthenticationCredential;

/** *

* Indicates how KMS communicates with the external key store proxy. This * parameter is required for custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE. *

*

* If the external key store proxy uses a public endpoint, specify * PUBLIC_ENDPOINT. If the external key store proxy uses an * Amazon VPC endpoint service for communication with KMS, specify * VPC_ENDPOINT_SERVICE. For help making this choice, see Choosing a connectivity option in the Key Management Service * Developer Guide. *

*

* An Amazon VPC endpoint service keeps your communication with KMS in a * private address space entirely within Amazon Web Services, but it * requires more configuration, including establishing an Amazon VPC with * multiple subnets, a VPC endpoint service, a network load balancer, and a * verified private DNS name. A public endpoint is simpler to set up, but it * might be slower and might not fulfill your security requirements. You * might consider testing with a public endpoint, and then establishing a * VPC endpoint service for production tasks. Note that this choice does not * determine the location of the external key store proxy. Even if you * choose a VPC endpoint service, the proxy can be hosted within the VPC or * outside of Amazon Web Services such as in your corporate data center. *

*

* Constraints:
* Allowed Values: PUBLIC_ENDPOINT, VPC_ENDPOINT_SERVICE */
// Kept as a String; the two allowed values listed above are not enforced at this
// declaration (the accessors are outside the part of the file reviewed here).
private String xksProxyConnectivity;

/** *

* Specifies a friendly name for the custom key store. The name must be * unique in your Amazon Web Services account and Region. This parameter is * required for all custom key stores. *

* *

* Do not include confidential or sensitive information in this field. This * field may be displayed in plaintext in CloudTrail logs and other output. *

*
*

* Constraints:
* Length: 1 - 256
* * @return

* Specifies a friendly name for the custom key store. The name must * be unique in your Amazon Web Services account and Region. This * parameter is required for all custom key stores. *

* *

* Do not include confidential or sensitive information in this * field. This field may be displayed in plaintext in CloudTrail * logs and other output. *

*
*/
public String getCustomKeyStoreName() {
    // Returns the field as stored; no copy, trimming or normalisation is applied.
    return customKeyStoreName;
}

/** *

* Specifies a friendly name for the custom key store. The name must be * unique in your Amazon Web Services account and Region. This parameter is * required for all custom key stores. *

* *

* Do not include confidential or sensitive information in this field. This * field may be displayed in plaintext in CloudTrail logs and other output. *

*
*

* Constraints:
* Length: 1 - 256
* * @param customKeyStoreName

* Specifies a friendly name for the custom key store. The name * must be unique in your Amazon Web Services account and Region. * This parameter is required for all custom key stores. *

* *

* Do not include confidential or sensitive information in this * field. This field may be displayed in plaintext in CloudTrail * logs and other output. *

*
*/
public void setCustomKeyStoreName(String customKeyStoreName) {
    // Unchecked assignment: the documented 1-256 length limit is not verified here.
    // The Javadoc notes this value can surface in CloudTrail logs in plaintext, so
    // callers should keep secrets and identifying data out of it.
    this.customKeyStoreName = customKeyStoreName;
}

/** *

* Specifies a friendly name for the custom key store. The name must be * unique in your Amazon Web Services account and Region. This parameter is * required for all custom key stores. *

* *

* Do not include confidential or sensitive information in this field. This * field may be displayed in plaintext in CloudTrail logs and other output. *

*
*

* Returns a reference to this object so that method calls can be chained * together. *

* Constraints:
* Length: 1 - 256
* * @param customKeyStoreName

* Specifies a friendly name for the custom key store. The name * must be unique in your Amazon Web Services account and Region. * This parameter is required for all custom key stores. *

* *

* Do not include confidential or sensitive information in this * field. This field may be displayed in plaintext in CloudTrail * logs and other output. *

*
* @return A reference to this updated object so that method calls can be
* chained together.
*/
public CreateCustomKeyStoreRequest withCustomKeyStoreName(String customKeyStoreName) {
    // Fluent form of the setter: same unchecked assignment, no length validation.
    this.customKeyStoreName = customKeyStoreName;
    // Hand back this same instance so calls can be chained.
    return this;
}

/** *

* Identifies the CloudHSM cluster for an CloudHSM key store. This parameter * is required for custom key stores with CustomKeyStoreType of * AWS_CLOUDHSM. *

*

* Enter the cluster ID of any active CloudHSM cluster that is not already * associated with a custom key store. To find the cluster ID, use the DescribeClusters operation. *

*

* Constraints:
* Length: 19 - 24
* Pattern: cluster-[2-7a-zA-Z]{11,16}
* * @return

* Identifies the CloudHSM cluster for an CloudHSM key store. This * parameter is required for custom key stores with * CustomKeyStoreType of AWS_CLOUDHSM. *

*

* Enter the cluster ID of any active CloudHSM cluster that is not * already associated with a custom key store. To find the cluster * ID, use the DescribeClusters operation. *

*/
public String getCloudHsmClusterId() {
    // Returns the cluster ID exactly as it was stored.
    return cloudHsmClusterId;
}

/** *

* Identifies the CloudHSM cluster for an CloudHSM key store. This parameter * is required for custom key stores with CustomKeyStoreType of * AWS_CLOUDHSM. *

*

* Enter the cluster ID of any active CloudHSM cluster that is not already * associated with a custom key store. To find the cluster ID, use the DescribeClusters operation. *

*

* Constraints:
* Length: 19 - 24
* Pattern: cluster-[2-7a-zA-Z]{11,16}
* * @param cloudHsmClusterId

* Identifies the CloudHSM cluster for an CloudHSM key store. * This parameter is required for custom key stores with * CustomKeyStoreType of AWS_CLOUDHSM. *

*

* Enter the cluster ID of any active CloudHSM cluster that is * not already associated with a custom key store. To find the * cluster ID, use the DescribeClusters operation. *

*/
public void setCloudHsmClusterId(String cloudHsmClusterId) {
    // Unchecked assignment: neither the 19-24 length range nor the documented
    // pattern cluster-[2-7a-zA-Z]{11,16} is verified in this method.
    this.cloudHsmClusterId = cloudHsmClusterId;
}

/** *

* Identifies the CloudHSM cluster for an CloudHSM key store. This parameter * is required for custom key stores with CustomKeyStoreType of * AWS_CLOUDHSM. *

*

* Enter the cluster ID of any active CloudHSM cluster that is not already * associated with a custom key store. To find the cluster ID, use the DescribeClusters operation. *

*

* Returns a reference to this object so that method calls can be chained * together. *

* Constraints:
* Length: 19 - 24
* Pattern: cluster-[2-7a-zA-Z]{11,16}
* * @param cloudHsmClusterId

* Identifies the CloudHSM cluster for an CloudHSM key store. * This parameter is required for custom key stores with * CustomKeyStoreType of AWS_CLOUDHSM. *

*

* Enter the cluster ID of any active CloudHSM cluster that is * not already associated with a custom key store. To find the * cluster ID, use the DescribeClusters operation. *

* @return A reference to this updated object so that method calls can be
* chained together.
*/
public CreateCustomKeyStoreRequest withCloudHsmClusterId(String cloudHsmClusterId) {
    // Fluent form of the setter: the value is stored without pattern or length checks.
    this.cloudHsmClusterId = cloudHsmClusterId;
    // Hand back this same instance so calls can be chained.
    return this;
}

/** *

* Specifies the certificate for an CloudHSM key store. This parameter is * required for custom key stores with a CustomKeyStoreType of * AWS_CLOUDHSM. *

*

* Enter the content of the trust anchor certificate for the CloudHSM * cluster. This is the content of the customerCA.crt file that * you created when you initialized the cluster. *

*

* Constraints:
* Length: 1 - 5000
* * @return

* Specifies the certificate for an CloudHSM key store. This * parameter is required for custom key stores with a * CustomKeyStoreType of AWS_CLOUDHSM. *

*

* Enter the content of the trust anchor certificate for the * CloudHSM cluster. This is the content of the * customerCA.crt file that you created when you initialized the cluster. *

*/
public String getTrustAnchorCertificate() {
    // Returns the certificate text exactly as it was stored; it is never parsed here.
    return trustAnchorCertificate;
}

/** *

* Specifies the certificate for an CloudHSM key store. This parameter is * required for custom key stores with a CustomKeyStoreType of * AWS_CLOUDHSM. *

*

* Enter the content of the trust anchor certificate for the CloudHSM * cluster. This is the content of the customerCA.crt file that * you created when you initialized the cluster. *

*

* Constraints:
* Length: 1 - 5000
* * @param trustAnchorCertificate

* Specifies the certificate for an CloudHSM key store. This * parameter is required for custom key stores with a * CustomKeyStoreType of AWS_CLOUDHSM. *

*

* Enter the content of the trust anchor certificate for the * CloudHSM cluster. This is the content of the * customerCA.crt file that you created when you initialized the cluster. *

*/
public void setTrustAnchorCertificate(String trustAnchorCertificate) {
    // Unchecked assignment: this method does not parse the certificate or check the
    // documented 1-5000 length. Because the Javadoc describes this value as the trust
    // anchor for the cluster, callers should load it from a copy of customerCA.crt
    // whose integrity they control.
    this.trustAnchorCertificate = trustAnchorCertificate;
}

/** *

* Specifies the certificate for an CloudHSM key store. This parameter is * required for custom key stores with a CustomKeyStoreType of * AWS_CLOUDHSM. *

*

* Enter the content of the trust anchor certificate for the CloudHSM * cluster. This is the content of the customerCA.crt file that * you created when you initialized the cluster. *

*

* Returns a reference to this object so that method calls can be chained * together. *

* Constraints:
* Length: 1 - 5000
* * @param trustAnchorCertificate

* Specifies the certificate for an CloudHSM key store. This * parameter is required for custom key stores with a * CustomKeyStoreType of AWS_CLOUDHSM. *

*

* Enter the content of the trust anchor certificate for the * CloudHSM cluster. This is the content of the * customerCA.crt file that you created when you initialized the cluster. *

* @return A reference to this updated object so that method calls can be
* chained together.
*/
public CreateCustomKeyStoreRequest withTrustAnchorCertificate(String trustAnchorCertificate) {
    // Fluent form of the setter: the certificate text is stored unparsed and unchecked.
    this.trustAnchorCertificate = trustAnchorCertificate;
    // Hand back this same instance so calls can be chained.
    return this;
}

/** *

* Specifies the kmsuser password for an CloudHSM key store. * This parameter is required for custom key stores with a * CustomKeyStoreType of AWS_CLOUDHSM. *

*

* Enter the password of the kmsuser crypto user (CU) account in the specified * CloudHSM cluster. KMS logs into the cluster as this user to manage key * material on your behalf. *

*

* The password must be a string of 7 to 32 characters. Its value is case * sensitive. *

*

* This parameter tells KMS the kmsuser account password; it * does not change the password in the CloudHSM cluster. *

*

* Constraints:
* Length: 7 - 32
* * @return

* Specifies the kmsuser password for an CloudHSM key * store. This parameter is required for custom key stores with a * CustomKeyStoreType of AWS_CLOUDHSM. *

*

* Enter the password of the kmsuser crypto user (CU) account in the * specified CloudHSM cluster. KMS logs into the cluster as this * user to manage key material on your behalf. *

*

* The password must be a string of 7 to 32 characters. Its value is * case sensitive. *

*

* This parameter tells KMS the kmsuser account * password; it does not change the password in the CloudHSM * cluster. *

*/
public String getKeyStorePassword() {
    // Returns the kmsuser password in clear text, exactly as it was set. Callers should
    // keep the returned value out of logs, exception messages and diagnostics output.
    return keyStorePassword;
}

/** *

* Specifies the kmsuser password for an CloudHSM key store. * This parameter is required for custom key stores with a * CustomKeyStoreType of AWS_CLOUDHSM. *

*

* Enter the password of the kmsuser crypto user (CU) account in the specified * CloudHSM cluster. KMS logs into the cluster as this user to manage key * material on your behalf. *

*

* The password must be a string of 7 to 32 characters. Its value is case * sensitive. *

*

* This parameter tells KMS the kmsuser account password; it * does not change the password in the CloudHSM cluster. *

*

* Constraints:
* Length: 7 - 32
* * @param keyStorePassword

* Specifies the kmsuser password for an CloudHSM * key store. This parameter is required for custom key stores * with a CustomKeyStoreType of * AWS_CLOUDHSM. *

*

* Enter the password of the kmsuser crypto user (CU) account in the * specified CloudHSM cluster. KMS logs into the cluster as this * user to manage key material on your behalf. *

*

* The password must be a string of 7 to 32 characters. Its value * is case sensitive. *

*

* This parameter tells KMS the kmsuser account * password; it does not change the password in the CloudHSM * cluster. *

*/
public void setKeyStorePassword(String keyStorePassword) {
    // Unchecked assignment: the documented 7-32 character rule is not verified here.
    // The password stays in this object as an immutable String, so it cannot be wiped
    // once the request has been sent; keep the request object short-lived and read the
    // value from a secret store rather than from source or plain configuration.
    this.keyStorePassword = keyStorePassword;
}

/** *

* Specifies the kmsuser password for an CloudHSM key store. * This parameter is required for custom key stores with a * CustomKeyStoreType of AWS_CLOUDHSM. *

*

* Enter the password of the kmsuser crypto user (CU) account in the specified * CloudHSM cluster. KMS logs into the cluster as this user to manage key * material on your behalf. *

*

* The password must be a string of 7 to 32 characters. Its value is case * sensitive. *

*

* This parameter tells KMS the kmsuser account password; it * does not change the password in the CloudHSM cluster. *

*

* Returns a reference to this object so that method calls can be chained * together. *

* Constraints:
* Length: 7 - 32
* * @param keyStorePassword

* Specifies the kmsuser password for an CloudHSM * key store. This parameter is required for custom key stores * with a CustomKeyStoreType of * AWS_CLOUDHSM. *

*

* Enter the password of the kmsuser crypto user (CU) account in the * specified CloudHSM cluster. KMS logs into the cluster as this * user to manage key material on your behalf. *

*

* The password must be a string of 7 to 32 characters. Its value * is case sensitive. *

*

* This parameter tells KMS the kmsuser account * password; it does not change the password in the CloudHSM * cluster. *

* @return A reference to this updated object so that method calls can be
* chained together.
*/
public CreateCustomKeyStoreRequest withKeyStorePassword(String keyStorePassword) {
    // Fluent form of the setter: the clear-text password is stored as given, with no
    // length check. NOTE(review): how toString() renders this field is not visible in
    // this part of the file - verify before logging a chained request expression.
    this.keyStorePassword = keyStorePassword;
    // Hand back this same instance so calls can be chained.
    return this;
}

/** *

* Specifies the type of custom key store. The default value is * AWS_CLOUDHSM. *

*

* For a custom key store backed by an CloudHSM cluster, omit the parameter * or enter AWS_CLOUDHSM. For a custom key store backed by an * external key manager outside of Amazon Web Services, enter * EXTERNAL_KEY_STORE. You cannot change this property after * the key store is created. *

*

* Constraints:
* Allowed Values: AWS_CLOUDHSM, EXTERNAL_KEY_STORE * * @return

* Specifies the type of custom key store. The default value is * AWS_CLOUDHSM. *

*

* For a custom key store backed by an CloudHSM cluster, omit the * parameter or enter AWS_CLOUDHSM. For a custom key * store backed by an external key manager outside of Amazon Web * Services, enter EXTERNAL_KEY_STORE. You cannot * change this property after the key store is created. *

* @see CustomKeyStoreType */
public String getCustomKeyStoreType() {
    // Returns the raw stored String; it is not mapped back to the CustomKeyStoreType
    // enum and may hold any text set through the String overloads.
    return customKeyStoreType;
}

/** *

* Specifies the type of custom key store. The default value is * AWS_CLOUDHSM. *

*

* For a custom key store backed by an CloudHSM cluster, omit the parameter * or enter AWS_CLOUDHSM. For a custom key store backed by an * external key manager outside of Amazon Web Services, enter * EXTERNAL_KEY_STORE. You cannot change this property after * the key store is created. *

*

* Constraints:
* Allowed Values: AWS_CLOUDHSM, EXTERNAL_KEY_STORE * * @param customKeyStoreType

* Specifies the type of custom key store. The default value is * AWS_CLOUDHSM. *

*

* For a custom key store backed by an CloudHSM cluster, omit the * parameter or enter AWS_CLOUDHSM. For a custom key * store backed by an external key manager outside of Amazon Web * Services, enter EXTERNAL_KEY_STORE. You cannot * change this property after the key store is created. *

* @see CustomKeyStoreType */
public void setCustomKeyStoreType(String customKeyStoreType) {
    // Unchecked assignment: the value is not compared with the allowed values
    // AWS_CLOUDHSM and EXTERNAL_KEY_STORE listed in the Javadoc. The overload taking
    // a CustomKeyStoreType restricts callers to the enum's constants instead.
    this.customKeyStoreType = customKeyStoreType;
}

/** *

* Specifies the type of custom key store. The default value is * AWS_CLOUDHSM. *

*

* For a custom key store backed by an CloudHSM cluster, omit the parameter * or enter AWS_CLOUDHSM. For a custom key store backed by an * external key manager outside of Amazon Web Services, enter * EXTERNAL_KEY_STORE. You cannot change this property after * the key store is created. *

*

* Returns a reference to this object so that method calls can be chained * together. *

* Constraints:
* Allowed Values: AWS_CLOUDHSM, EXTERNAL_KEY_STORE * * @param customKeyStoreType

* Specifies the type of custom key store. The default value is * AWS_CLOUDHSM. *

*

* For a custom key store backed by an CloudHSM cluster, omit the * parameter or enter AWS_CLOUDHSM. For a custom key * store backed by an external key manager outside of Amazon Web * Services, enter EXTERNAL_KEY_STORE. You cannot * change this property after the key store is created. *

* @return A reference to this updated object so that method calls can be
* chained together.
* @see CustomKeyStoreType */
public CreateCustomKeyStoreRequest withCustomKeyStoreType(String customKeyStoreType) {
    // Fluent form of the String setter: any text, including null, is stored unchecked.
    this.customKeyStoreType = customKeyStoreType;
    // Hand back this same instance so calls can be chained.
    return this;
}

/** *

* Specifies the type of custom key store. The default value is * AWS_CLOUDHSM. *

*

* For a custom key store backed by an CloudHSM cluster, omit the parameter * or enter AWS_CLOUDHSM. For a custom key store backed by an * external key manager outside of Amazon Web Services, enter * EXTERNAL_KEY_STORE. You cannot change this property after * the key store is created. *

*

* Constraints:
* Allowed Values: AWS_CLOUDHSM, EXTERNAL_KEY_STORE * * @param customKeyStoreType

* Specifies the type of custom key store. The default value is * AWS_CLOUDHSM. *

*

* For a custom key store backed by an CloudHSM cluster, omit the * parameter or enter AWS_CLOUDHSM. For a custom key * store backed by an external key manager outside of Amazon Web * Services, enter EXTERNAL_KEY_STORE. You cannot * change this property after the key store is created. *

* @see CustomKeyStoreType */
public void setCustomKeyStoreType(CustomKeyStoreType customKeyStoreType) {
    // Stores the enum constant's toString() text in the String field. A null argument
    // fails here with NullPointerException from the toString() call, unlike the String
    // overload, which stores null without complaint.
    this.customKeyStoreType = customKeyStoreType.toString();
}

/** *

* Specifies the type of custom key store. The default value is * AWS_CLOUDHSM. *

*

* For a custom key store backed by an CloudHSM cluster, omit the parameter * or enter AWS_CLOUDHSM. For a custom key store backed by an * external key manager outside of Amazon Web Services, enter * EXTERNAL_KEY_STORE. You cannot change this property after * the key store is created. *

*

* Returns a reference to this object so that method calls can be chained * together. *

* Constraints:
* Allowed Values: AWS_CLOUDHSM, EXTERNAL_KEY_STORE * * @param customKeyStoreType

* Specifies the type of custom key store. The default value is * AWS_CLOUDHSM. *

*

* For a custom key store backed by an CloudHSM cluster, omit the * parameter or enter AWS_CLOUDHSM. For a custom key * store backed by an external key manager outside of Amazon Web * Services, enter EXTERNAL_KEY_STORE. You cannot * change this property after the key store is created. *

* @return A reference to this updated object so that method calls can be
* chained together.
* @see CustomKeyStoreType */
public CreateCustomKeyStoreRequest withCustomKeyStoreType(CustomKeyStoreType customKeyStoreType) {
    // Fluent form of the enum setter: stores toString() of the constant, so a null
    // argument throws NullPointerException before anything is assigned.
    this.customKeyStoreType = customKeyStoreType.toString();
    // Hand back this same instance so calls can be chained.
    return this;
}

/** *

* Specifies the endpoint that KMS uses to send requests to the external key * store proxy (XKS proxy). This parameter is required for custom key stores * with a CustomKeyStoreType of EXTERNAL_KEY_STORE * . *

*

* The protocol must be HTTPS. KMS communicates on port 443. Do not specify * the port in the XksProxyUriEndpoint value. *

*

* For external key stores with XksProxyConnectivity value of * VPC_ENDPOINT_SERVICE, specify https:// followed * by the private DNS name of the VPC endpoint service. *

*

* For external key stores with PUBLIC_ENDPOINT connectivity, * this endpoint must be reachable before you create the custom key store. * KMS connects to the external key store proxy while creating the custom * key store. For external key stores with VPC_ENDPOINT_SERVICE * connectivity, KMS connects when you call the ConnectCustomKeyStore * operation. *

*

* The value of this parameter must begin with https://. The * remainder can contain upper and lower case letters (A-Z and a-z), numbers * (0-9), dots (.), and hyphens (-). Additional * slashes (/ and \) are not permitted. *

*

* Uniqueness requirements: *

* *

* Constraints:
* Length: 10 - 128
* Pattern: ^https://[a-zA-Z0-9.-]+$
* * @return

* Specifies the endpoint that KMS uses to send requests to the * external key store proxy (XKS proxy). This parameter is required * for custom key stores with a CustomKeyStoreType of * EXTERNAL_KEY_STORE. *

*

* The protocol must be HTTPS. KMS communicates on port 443. Do not * specify the port in the XksProxyUriEndpoint value. *

*

* For external key stores with XksProxyConnectivity * value of VPC_ENDPOINT_SERVICE, specify * https:// followed by the private DNS name of the VPC * endpoint service. *

*

* For external key stores with PUBLIC_ENDPOINT * connectivity, this endpoint must be reachable before you create * the custom key store. KMS connects to the external key store * proxy while creating the custom key store. For external key * stores with VPC_ENDPOINT_SERVICE connectivity, KMS * connects when you call the ConnectCustomKeyStore * operation. *

*

* The value of this parameter must begin with https:// * . The remainder can contain upper and lower case letters (A-Z and * a-z), numbers (0-9), dots (.), and hyphens ( * -). Additional slashes (/ and * \) are not permitted. *

*

* Uniqueness requirements: *

* */
public String getXksProxyUriEndpoint() {
    // Returns the endpoint string exactly as it was stored.
    return xksProxyUriEndpoint;
}

/** *

* Specifies the endpoint that KMS uses to send requests to the external key * store proxy (XKS proxy). This parameter is required for custom key stores * with a CustomKeyStoreType of EXTERNAL_KEY_STORE * . *

*

* The protocol must be HTTPS. KMS communicates on port 443. Do not specify * the port in the XksProxyUriEndpoint value. *

*

* For external key stores with XksProxyConnectivity value of * VPC_ENDPOINT_SERVICE, specify https:// followed * by the private DNS name of the VPC endpoint service. *

*

* For external key stores with PUBLIC_ENDPOINT connectivity, * this endpoint must be reachable before you create the custom key store. * KMS connects to the external key store proxy while creating the custom * key store. For external key stores with VPC_ENDPOINT_SERVICE * connectivity, KMS connects when you call the ConnectCustomKeyStore * operation. *

*

* The value of this parameter must begin with https://. The * remainder can contain upper and lower case letters (A-Z and a-z), numbers * (0-9), dots (.), and hyphens (-). Additional * slashes (/ and \) are not permitted. *

*

* Uniqueness requirements: *

* *

* Constraints:
* Length: 10 - 128
* Pattern: ^https://[a-zA-Z0-9.-]+$
* * @param xksProxyUriEndpoint

* Specifies the endpoint that KMS uses to send requests to the * external key store proxy (XKS proxy). This parameter is * required for custom key stores with a * CustomKeyStoreType of * EXTERNAL_KEY_STORE. *

*

* The protocol must be HTTPS. KMS communicates on port 443. Do * not specify the port in the XksProxyUriEndpoint * value. *

*

* For external key stores with XksProxyConnectivity * value of VPC_ENDPOINT_SERVICE, specify * https:// followed by the private DNS name of the * VPC endpoint service. *

*

* For external key stores with PUBLIC_ENDPOINT * connectivity, this endpoint must be reachable before you * create the custom key store. KMS connects to the external key * store proxy while creating the custom key store. For external * key stores with VPC_ENDPOINT_SERVICE * connectivity, KMS connects when you call the * ConnectCustomKeyStore operation. *

*

* The value of this parameter must begin with * https://. The remainder can contain upper and * lower case letters (A-Z and a-z), numbers (0-9), dots ( * .), and hyphens (-). Additional * slashes (/ and \) are not permitted. *

*

* Uniqueness requirements: *

*/
public void setXksProxyUriEndpoint(String xksProxyUriEndpoint) {
    // Stored verbatim: the Length and Pattern constraints listed in the
    // Javadoc above are not checked by this method.
    this.xksProxyUriEndpoint = xksProxyUriEndpoint;
}

/** *

* Specifies the endpoint that KMS uses to send requests to the external key * store proxy (XKS proxy). This parameter is required for custom key stores * with a CustomKeyStoreType of EXTERNAL_KEY_STORE * . *

*

* The protocol must be HTTPS. KMS communicates on port 443. Do not specify * the port in the XksProxyUriEndpoint value. *

*

* For external key stores with XksProxyConnectivity value of * VPC_ENDPOINT_SERVICE, specify https:// followed * by the private DNS name of the VPC endpoint service. *

*

* For external key stores with PUBLIC_ENDPOINT connectivity, * this endpoint must be reachable before you create the custom key store. * KMS connects to the external key store proxy while creating the custom * key store. For external key stores with VPC_ENDPOINT_SERVICE * connectivity, KMS connects when you call the ConnectCustomKeyStore * operation. *

*

* The value of this parameter must begin with https://. The * remainder can contain upper and lower case letters (A-Z and a-z), numbers * (0-9), dots (.), and hyphens (-). Additional * slashes (/ and \) are not permitted. *

*

* Uniqueness requirements: *

* *

* Returns a reference to this object so that method calls can be chained * together. *

* Constraints:
* Length: 10 - 128
* Pattern: ^https://[a-zA-Z0-9.-]+$
* * @param xksProxyUriEndpoint

* Specifies the endpoint that KMS uses to send requests to the * external key store proxy (XKS proxy). This parameter is * required for custom key stores with a * CustomKeyStoreType of * EXTERNAL_KEY_STORE. *

*

* The protocol must be HTTPS. KMS communicates on port 443. Do * not specify the port in the XksProxyUriEndpoint * value. *

*

* For external key stores with XksProxyConnectivity * value of VPC_ENDPOINT_SERVICE, specify * https:// followed by the private DNS name of the * VPC endpoint service. *

*

* For external key stores with PUBLIC_ENDPOINT * connectivity, this endpoint must be reachable before you * create the custom key store. KMS connects to the external key * store proxy while creating the custom key store. For external * key stores with VPC_ENDPOINT_SERVICE * connectivity, KMS connects when you call the * ConnectCustomKeyStore operation. *

*

* The value of this parameter must begin with * https://. The remainder can contain upper and * lower case letters (A-Z and a-z), numbers (0-9), dots ( * .), and hyphens (-). Additional * slashes (/ and \) are not permitted. *

*

* Uniqueness requirements: *

*
* @return A reference to this updated object so that method calls can be
*         chained together.
*/
public CreateCustomKeyStoreRequest withXksProxyUriEndpoint(String xksProxyUriEndpoint) {
    // Fluent form of the setter: same unchecked assignment, then the receiver.
    final CreateCustomKeyStoreRequest self = this;
    self.xksProxyUriEndpoint = xksProxyUriEndpoint;
    return self;
}

/** *

* Specifies the base path to the proxy APIs for this external key store. To * find this value, see the documentation for your external key store proxy. * This parameter is required for all custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE. *

*

* The value must start with / and must end with * /kms/xks/v1 where v1 represents the version of * the KMS external key store proxy API. This path can include an optional * prefix between the required elements such as * /prefix/kms/xks/v1. *

*

* Uniqueness requirements: *

* *

* Constraints:
* Length: 10 - 128
* Pattern: * ^(/[a-zA-Z0-9\/_-]+/kms/xks/v\d{1,2})$|^(/kms/xks/v\d{1,2})$
* * @return

* Specifies the base path to the proxy APIs for this external key * store. To find this value, see the documentation for your * external key store proxy. This parameter is required for all * custom key stores with a CustomKeyStoreType of * EXTERNAL_KEY_STORE. *

*

* The value must start with / and must end with * /kms/xks/v1 where v1 represents the * version of the KMS external key store proxy API. This path can * include an optional prefix between the required elements such as * /prefix/kms/xks/v1. *

*

* Uniqueness requirements: *

*/
public String getXksProxyUriPath() {
    // Plain accessor: hands back the stored base path unchanged.
    return this.xksProxyUriPath;
}

/** *

* Specifies the base path to the proxy APIs for this external key store. To * find this value, see the documentation for your external key store proxy. * This parameter is required for all custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE. *

*

* The value must start with / and must end with * /kms/xks/v1 where v1 represents the version of * the KMS external key store proxy API. This path can include an optional * prefix between the required elements such as * /prefix/kms/xks/v1. *

*

* Uniqueness requirements: *

* *

* Constraints:
* Length: 10 - 128
* Pattern: * ^(/[a-zA-Z0-9\/_-]+/kms/xks/v\d{1,2})$|^(/kms/xks/v\d{1,2})$
* * @param xksProxyUriPath

* Specifies the base path to the proxy APIs for this external * key store. To find this value, see the documentation for your * external key store proxy. This parameter is required for all * custom key stores with a CustomKeyStoreType of * EXTERNAL_KEY_STORE. *

*

* The value must start with / and must end with * /kms/xks/v1 where v1 represents the * version of the KMS external key store proxy API. This path can * include an optional prefix between the required elements such * as /prefix/kms/xks/v1. *

*

* Uniqueness requirements: *

*/
public void setXksProxyUriPath(String xksProxyUriPath) {
    // Stored verbatim: the Length and Pattern constraints listed in the
    // Javadoc above are not checked by this method.
    this.xksProxyUriPath = xksProxyUriPath;
}

/** *

* Specifies the base path to the proxy APIs for this external key store. To * find this value, see the documentation for your external key store proxy. * This parameter is required for all custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE. *

*

* The value must start with / and must end with * /kms/xks/v1 where v1 represents the version of * the KMS external key store proxy API. This path can include an optional * prefix between the required elements such as * /prefix/kms/xks/v1. *

*

* Uniqueness requirements: *

* *

* Returns a reference to this object so that method calls can be chained * together. *

* Constraints:
* Length: 10 - 128
* Pattern: * ^(/[a-zA-Z0-9\/_-]+/kms/xks/v\d{1,2})$|^(/kms/xks/v\d{1,2})$
* * @param xksProxyUriPath

* Specifies the base path to the proxy APIs for this external * key store. To find this value, see the documentation for your * external key store proxy. This parameter is required for all * custom key stores with a CustomKeyStoreType of * EXTERNAL_KEY_STORE. *

*

* The value must start with / and must end with * /kms/xks/v1 where v1 represents the * version of the KMS external key store proxy API. This path can * include an optional prefix between the required elements such * as /prefix/kms/xks/v1. *

*

* Uniqueness requirements: *

*
* @return A reference to this updated object so that method calls can be
*         chained together.
*/
public CreateCustomKeyStoreRequest withXksProxyUriPath(String xksProxyUriPath) {
    // Fluent form of the setter: same unchecked assignment, then the receiver.
    final CreateCustomKeyStoreRequest self = this;
    self.xksProxyUriPath = xksProxyUriPath;
    return self;
}

/** *

* Specifies the name of the Amazon VPC endpoint service for interface * endpoints that is used to communicate with your external key store proxy * (XKS proxy). This parameter is required when the value of * CustomKeyStoreType is EXTERNAL_KEY_STORE and * the value of XksProxyConnectivity is * VPC_ENDPOINT_SERVICE. *

*

* The Amazon VPC endpoint service must fulfill all requirements for use with an external key store. *

*

* Uniqueness requirements: *

* *

* Constraints:
* Length: 20 - 64
* Pattern: * ^com\.amazonaws\.vpce\.([a-z]+-){2,3}\d+\.vpce-svc-[0-9a-z]+$
* * @return

* Specifies the name of the Amazon VPC endpoint service for * interface endpoints that is used to communicate with your * external key store proxy (XKS proxy). This parameter is required * when the value of CustomKeyStoreType is * EXTERNAL_KEY_STORE and the value of * XksProxyConnectivity is * VPC_ENDPOINT_SERVICE. *

*

* The Amazon VPC endpoint service must fulfill all requirements for use with an external key store. *

*

* Uniqueness requirements: *

*/
public String getXksProxyVpcEndpointServiceName() {
    // Plain accessor: hands back the stored service name unchanged.
    return this.xksProxyVpcEndpointServiceName;
}

/** *

* Specifies the name of the Amazon VPC endpoint service for interface * endpoints that is used to communicate with your external key store proxy * (XKS proxy). This parameter is required when the value of * CustomKeyStoreType is EXTERNAL_KEY_STORE and * the value of XksProxyConnectivity is * VPC_ENDPOINT_SERVICE. *

*

* The Amazon VPC endpoint service must fulfill all requirements for use with an external key store. *

*

* Uniqueness requirements: *

* *

* Constraints:
* Length: 20 - 64
* Pattern: * ^com\.amazonaws\.vpce\.([a-z]+-){2,3}\d+\.vpce-svc-[0-9a-z]+$
* * @param xksProxyVpcEndpointServiceName

* Specifies the name of the Amazon VPC endpoint service for * interface endpoints that is used to communicate with your * external key store proxy (XKS proxy). This parameter is * required when the value of CustomKeyStoreType is * EXTERNAL_KEY_STORE and the value of * XksProxyConnectivity is * VPC_ENDPOINT_SERVICE. *

*

* The Amazon VPC endpoint service must fulfill all requirements for use with an external key * store. *

*

* Uniqueness requirements: *

*/
public void setXksProxyVpcEndpointServiceName(String xksProxyVpcEndpointServiceName) {
    // Stored verbatim: the Length and Pattern constraints listed in the
    // Javadoc above are not checked by this method.
    this.xksProxyVpcEndpointServiceName = xksProxyVpcEndpointServiceName;
}

/** *

* Specifies the name of the Amazon VPC endpoint service for interface * endpoints that is used to communicate with your external key store proxy * (XKS proxy). This parameter is required when the value of * CustomKeyStoreType is EXTERNAL_KEY_STORE and * the value of XksProxyConnectivity is * VPC_ENDPOINT_SERVICE. *

*

* The Amazon VPC endpoint service must fulfill all requirements for use with an external key store. *

*

* Uniqueness requirements: *

* *

* Returns a reference to this object so that method calls can be chained * together. *

* Constraints:
* Length: 20 - 64
* Pattern: * ^com\.amazonaws\.vpce\.([a-z]+-){2,3}\d+\.vpce-svc-[0-9a-z]+$
* * @param xksProxyVpcEndpointServiceName

* Specifies the name of the Amazon VPC endpoint service for * interface endpoints that is used to communicate with your * external key store proxy (XKS proxy). This parameter is * required when the value of CustomKeyStoreType is * EXTERNAL_KEY_STORE and the value of * XksProxyConnectivity is * VPC_ENDPOINT_SERVICE. *

*

* The Amazon VPC endpoint service must fulfill all requirements for use with an external key * store. *

*

* Uniqueness requirements: *

*
* @return A reference to this updated object so that method calls can be
*         chained together.
*/
public CreateCustomKeyStoreRequest withXksProxyVpcEndpointServiceName(
        String xksProxyVpcEndpointServiceName) {
    // Fluent form of the setter: same unchecked assignment, then the receiver.
    final CreateCustomKeyStoreRequest self = this;
    self.xksProxyVpcEndpointServiceName = xksProxyVpcEndpointServiceName;
    return self;
}

/** *

* Specifies an authentication credential for the external key store proxy * (XKS proxy). This parameter is required for all custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE. *

*

* The XksProxyAuthenticationCredential has two required * elements: RawSecretAccessKey, a secret key, and * AccessKeyId, a unique identifier for the * RawSecretAccessKey. For character requirements, see XksProxyAuthenticationCredentialType. *

*

* KMS uses this authentication credential to sign requests to the external * key store proxy on your behalf. This credential is unrelated to Identity * and Access Management (IAM) and Amazon Web Services credentials. *

*

* This parameter doesn't set or change the authentication credentials on * the XKS proxy. It just tells KMS the credential that you established on * your external key store proxy. If you rotate your proxy authentication * credential, use the UpdateCustomKeyStore operation to provide the * new credential to KMS. *

* * @return

* Specifies an authentication credential for the external key store * proxy (XKS proxy). This parameter is required for all custom key * stores with a CustomKeyStoreType of * EXTERNAL_KEY_STORE. *

*

* The XksProxyAuthenticationCredential has two * required elements: RawSecretAccessKey, a secret key, * and AccessKeyId, a unique identifier for the * RawSecretAccessKey. For character requirements, see * XksProxyAuthenticationCredentialType. *

*

* KMS uses this authentication credential to sign requests to the * external key store proxy on your behalf. This credential is * unrelated to Identity and Access Management (IAM) and Amazon Web * Services credentials. *

*

* This parameter doesn't set or change the authentication * credentials on the XKS proxy. It just tells KMS the credential * that you established on your external key store proxy. If you * rotate your proxy authentication credential, use the * UpdateCustomKeyStore operation to provide the new * credential to KMS. *

*/
public XksProxyAuthenticationCredentialType getXksProxyAuthenticationCredential() {
    // Returns the stored reference itself, not a copy. Per the Javadoc above
    // the object holds RawSecretAccessKey, so keep it out of logs and traces.
    return this.xksProxyAuthenticationCredential;
}

/** *

* Specifies an authentication credential for the external key store proxy * (XKS proxy). This parameter is required for all custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE. *

*

* The XksProxyAuthenticationCredential has two required * elements: RawSecretAccessKey, a secret key, and * AccessKeyId, a unique identifier for the * RawSecretAccessKey. For character requirements, see XksProxyAuthenticationCredentialType. *

*

* KMS uses this authentication credential to sign requests to the external * key store proxy on your behalf. This credential is unrelated to Identity * and Access Management (IAM) and Amazon Web Services credentials. *

*

* This parameter doesn't set or change the authentication credentials on * the XKS proxy. It just tells KMS the credential that you established on * your external key store proxy. If you rotate your proxy authentication * credential, use the UpdateCustomKeyStore operation to provide the * new credential to KMS. *

* * @param xksProxyAuthenticationCredential

* Specifies an authentication credential for the external key * store proxy (XKS proxy). This parameter is required for all * custom key stores with a CustomKeyStoreType of * EXTERNAL_KEY_STORE. *

*

* The XksProxyAuthenticationCredential has two * required elements: RawSecretAccessKey, a secret * key, and AccessKeyId, a unique identifier for the * RawSecretAccessKey. For character requirements, * see XksProxyAuthenticationCredentialType. *

*

* KMS uses this authentication credential to sign requests to * the external key store proxy on your behalf. This credential * is unrelated to Identity and Access Management (IAM) and * Amazon Web Services credentials. *

*

* This parameter doesn't set or change the authentication * credentials on the XKS proxy. It just tells KMS the credential * that you established on your external key store proxy. If you * rotate your proxy authentication credential, use the * UpdateCustomKeyStore operation to provide the new * credential to KMS. *

*/
public void setXksProxyAuthenticationCredential(
        XksProxyAuthenticationCredentialType xksProxyAuthenticationCredential) {
    // Keeps the caller's reference as-is (no copy); the object carries the
    // proxy secret described in the Javadoc above.
    this.xksProxyAuthenticationCredential = xksProxyAuthenticationCredential;
}

/** *

* Specifies an authentication credential for the external key store proxy * (XKS proxy). This parameter is required for all custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE. *

*

* The XksProxyAuthenticationCredential has two required * elements: RawSecretAccessKey, a secret key, and * AccessKeyId, a unique identifier for the * RawSecretAccessKey. For character requirements, see XksProxyAuthenticationCredentialType. *

*

* KMS uses this authentication credential to sign requests to the external * key store proxy on your behalf. This credential is unrelated to Identity * and Access Management (IAM) and Amazon Web Services credentials. *

*

* This parameter doesn't set or change the authentication credentials on * the XKS proxy. It just tells KMS the credential that you established on * your external key store proxy. If you rotate your proxy authentication * credential, use the UpdateCustomKeyStore operation to provide the * new credential to KMS. *

*

* Returns a reference to this object so that method calls can be chained * together. * * @param xksProxyAuthenticationCredential

* Specifies an authentication credential for the external key * store proxy (XKS proxy). This parameter is required for all * custom key stores with a CustomKeyStoreType of * EXTERNAL_KEY_STORE. *

*

* The XksProxyAuthenticationCredential has two * required elements: RawSecretAccessKey, a secret * key, and AccessKeyId, a unique identifier for the * RawSecretAccessKey. For character requirements, * see XksProxyAuthenticationCredentialType. *

*

* KMS uses this authentication credential to sign requests to * the external key store proxy on your behalf. This credential * is unrelated to Identity and Access Management (IAM) and * Amazon Web Services credentials. *

*

* This parameter doesn't set or change the authentication * credentials on the XKS proxy. It just tells KMS the credential * that you established on your external key store proxy. If you * rotate your proxy authentication credential, use the * UpdateCustomKeyStore operation to provide the new * credential to KMS. *

* @return A reference to this updated object so that method calls can be
*         chained together.
*/
public CreateCustomKeyStoreRequest withXksProxyAuthenticationCredential(
        XksProxyAuthenticationCredentialType xksProxyAuthenticationCredential) {
    // Fluent form of the setter: keeps the caller's reference (no copy),
    // then returns the receiver for chaining.
    final CreateCustomKeyStoreRequest self = this;
    self.xksProxyAuthenticationCredential = xksProxyAuthenticationCredential;
    return self;
}

/** *

* Indicates how KMS communicates with the external key store proxy. This * parameter is required for custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE. *

*

* If the external key store proxy uses a public endpoint, specify * PUBLIC_ENDPOINT. If the external key store proxy uses an * Amazon VPC endpoint service for communication with KMS, specify * VPC_ENDPOINT_SERVICE. For help making this choice, see Choosing a connectivity option in the Key Management Service * Developer Guide. *

*

* An Amazon VPC endpoint service keeps your communication with KMS in a * private address space entirely within Amazon Web Services, but it * requires more configuration, including establishing an Amazon VPC with * multiple subnets, a VPC endpoint service, a network load balancer, and a * verified private DNS name. A public endpoint is simpler to set up, but it * might be slower and might not fulfill your security requirements. You * might consider testing with a public endpoint, and then establishing a * VPC endpoint service for production tasks. Note that this choice does not * determine the location of the external key store proxy. Even if you * choose a VPC endpoint service, the proxy can be hosted within the VPC or * outside of Amazon Web Services, such as in your corporate data center. *

*

* Constraints:
* Allowed Values: PUBLIC_ENDPOINT, VPC_ENDPOINT_SERVICE * * @return

* Indicates how KMS communicates with the external key store proxy. * This parameter is required for custom key stores with a * CustomKeyStoreType of * EXTERNAL_KEY_STORE. *

*

* If the external key store proxy uses a public endpoint, specify * PUBLIC_ENDPOINT. If the external key store proxy * uses an Amazon VPC endpoint service for communication with KMS, * specify VPC_ENDPOINT_SERVICE. For help making this * choice, see Choosing a connectivity option in the Key Management * Service Developer Guide. *

*

* An Amazon VPC endpoint service keeps your communication with KMS * in a private address space entirely within Amazon Web Services, * but it requires more configuration, including establishing an * Amazon VPC with multiple subnets, a VPC endpoint service, a * network load balancer, and a verified private DNS name. A public * endpoint is simpler to set up, but it might be slower and might * not fulfill your security requirements. You might consider * testing with a public endpoint, and then establishing a VPC * endpoint service for production tasks. Note that this choice does * not determine the location of the external key store proxy. Even * if you choose a VPC endpoint service, the proxy can be hosted * within the VPC or outside of Amazon Web Services, such as in your * corporate data center. *

* @see XksProxyConnectivityType
*/
public String getXksProxyConnectivity() {
    // Plain accessor: hands back the stored connectivity string unchanged.
    return this.xksProxyConnectivity;
}

/** *

* Indicates how KMS communicates with the external key store proxy. This * parameter is required for custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE. *

*

* If the external key store proxy uses a public endpoint, specify * PUBLIC_ENDPOINT. If the external key store proxy uses an * Amazon VPC endpoint service for communication with KMS, specify * VPC_ENDPOINT_SERVICE. For help making this choice, see Choosing a connectivity option in the Key Management Service * Developer Guide. *

*

* An Amazon VPC endpoint service keeps your communication with KMS in a * private address space entirely within Amazon Web Services, but it * requires more configuration, including establishing an Amazon VPC with * multiple subnets, a VPC endpoint service, a network load balancer, and a * verified private DNS name. A public endpoint is simpler to set up, but it * might be slower and might not fulfill your security requirements. You * might consider testing with a public endpoint, and then establishing a * VPC endpoint service for production tasks. Note that this choice does not * determine the location of the external key store proxy. Even if you * choose a VPC endpoint service, the proxy can be hosted within the VPC or * outside of Amazon Web Services, such as in your corporate data center. *

*

* Constraints:
* Allowed Values: PUBLIC_ENDPOINT, VPC_ENDPOINT_SERVICE * * @param xksProxyConnectivity

* Indicates how KMS communicates with the external key store * proxy. This parameter is required for custom key stores with a * CustomKeyStoreType of * EXTERNAL_KEY_STORE. *

*

* If the external key store proxy uses a public endpoint, * specify PUBLIC_ENDPOINT. If the external key * store proxy uses an Amazon VPC endpoint service for * communication with KMS, specify * VPC_ENDPOINT_SERVICE. For help making this * choice, see Choosing a connectivity option in the Key Management * Service Developer Guide. *

*

* An Amazon VPC endpoint service keeps your communication with * KMS in a private address space entirely within Amazon Web * Services, but it requires more configuration, including * establishing an Amazon VPC with multiple subnets, a VPC * endpoint service, a network load balancer, and a verified * private DNS name. A public endpoint is simpler to set up, but * it might be slower and might not fulfill your security * requirements. You might consider testing with a public * endpoint, and then establishing a VPC endpoint service for * production tasks. Note that this choice does not determine the * location of the external key store proxy. Even if you choose a * VPC endpoint service, the proxy can be hosted within the VPC * or outside of Amazon Web Services, such as in your corporate * data center. *

* @see XksProxyConnectivityType
*/
public void setXksProxyConnectivity(String xksProxyConnectivity) {
    // Stored verbatim: the string is not compared against the allowed
    // values listed in the Javadoc above.
    this.xksProxyConnectivity = xksProxyConnectivity;
}

/** *

* Indicates how KMS communicates with the external key store proxy. This * parameter is required for custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE. *

*

* If the external key store proxy uses a public endpoint, specify * PUBLIC_ENDPOINT. If the external key store proxy uses an * Amazon VPC endpoint service for communication with KMS, specify * VPC_ENDPOINT_SERVICE. For help making this choice, see Choosing a connectivity option in the Key Management Service * Developer Guide. *

*

* An Amazon VPC endpoint service keeps your communication with KMS in a * private address space entirely within Amazon Web Services, but it * requires more configuration, including establishing an Amazon VPC with * multiple subnets, a VPC endpoint service, a network load balancer, and a * verified private DNS name. A public endpoint is simpler to set up, but it * might be slower and might not fulfill your security requirements. You * might consider testing with a public endpoint, and then establishing a * VPC endpoint service for production tasks. Note that this choice does not * determine the location of the external key store proxy. Even if you * choose a VPC endpoint service, the proxy can be hosted within the VPC or * outside of Amazon Web Services, such as in your corporate data center. *

*

* Returns a reference to this object so that method calls can be chained * together. *

* Constraints:
* Allowed Values: PUBLIC_ENDPOINT, VPC_ENDPOINT_SERVICE * * @param xksProxyConnectivity

* Indicates how KMS communicates with the external key store * proxy. This parameter is required for custom key stores with a * CustomKeyStoreType of * EXTERNAL_KEY_STORE. *

*

* If the external key store proxy uses a public endpoint, * specify PUBLIC_ENDPOINT. If the external key * store proxy uses an Amazon VPC endpoint service for * communication with KMS, specify * VPC_ENDPOINT_SERVICE. For help making this * choice, see Choosing a connectivity option in the Key Management * Service Developer Guide. *

*

* An Amazon VPC endpoint service keeps your communication with * KMS in a private address space entirely within Amazon Web * Services, but it requires more configuration, including * establishing an Amazon VPC with multiple subnets, a VPC * endpoint service, a network load balancer, and a verified * private DNS name. A public endpoint is simpler to set up, but * it might be slower and might not fulfill your security * requirements. You might consider testing with a public * endpoint, and then establishing a VPC endpoint service for * production tasks. Note that this choice does not determine the * location of the external key store proxy. Even if you choose a * VPC endpoint service, the proxy can be hosted within the VPC * or outside of Amazon Web Services, such as in your corporate * data center. *

* @return A reference to this updated object so that method calls can be
*         chained together.
* @see XksProxyConnectivityType
*/
public CreateCustomKeyStoreRequest withXksProxyConnectivity(String xksProxyConnectivity) {
    // Fluent form of the String setter: same unchecked assignment, then
    // the receiver for chaining.
    final CreateCustomKeyStoreRequest self = this;
    self.xksProxyConnectivity = xksProxyConnectivity;
    return self;
}

/** *

* Indicates how KMS communicates with the external key store proxy. This * parameter is required for custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE. *

*

* If the external key store proxy uses a public endpoint, specify * PUBLIC_ENDPOINT. If the external key store proxy uses an * Amazon VPC endpoint service for communication with KMS, specify * VPC_ENDPOINT_SERVICE. For help making this choice, see Choosing a connectivity option in the Key Management Service * Developer Guide. *

*

* An Amazon VPC endpoint service keeps your communication with KMS in a * private address space entirely within Amazon Web Services, but it * requires more configuration, including establishing an Amazon VPC with * multiple subnets, a VPC endpoint service, a network load balancer, and a * verified private DNS name. A public endpoint is simpler to set up, but it * might be slower and might not fulfill your security requirements. You * might consider testing with a public endpoint, and then establishing a * VPC endpoint service for production tasks. Note that this choice does not * determine the location of the external key store proxy. Even if you * choose a VPC endpoint service, the proxy can be hosted within the VPC or * outside of Amazon Web Services, such as in your corporate data center. *

*

* Constraints:
* Allowed Values: PUBLIC_ENDPOINT, VPC_ENDPOINT_SERVICE * * @param xksProxyConnectivity

* Indicates how KMS communicates with the external key store * proxy. This parameter is required for custom key stores with a * CustomKeyStoreType of * EXTERNAL_KEY_STORE. *

*

* If the external key store proxy uses a public endpoint, * specify PUBLIC_ENDPOINT. If the external key * store proxy uses an Amazon VPC endpoint service for * communication with KMS, specify * VPC_ENDPOINT_SERVICE. For help making this * choice, see Choosing a connectivity option in the Key Management * Service Developer Guide. *

*

* An Amazon VPC endpoint service keeps your communication with * KMS in a private address space entirely within Amazon Web * Services, but it requires more configuration, including * establishing an Amazon VPC with multiple subnets, a VPC * endpoint service, a network load balancer, and a verified * private DNS name. A public endpoint is simpler to set up, but * it might be slower and might not fulfill your security * requirements. You might consider testing with a public * endpoint, and then establishing a VPC endpoint service for * production tasks. Note that this choice does not determine the * location of the external key store proxy. Even if you choose a * VPC endpoint service, the proxy can be hosted within the VPC * or outside of Amazon Web Services, such as in your corporate * data center. *

* @see XksProxyConnectivityType
*/
public void setXksProxyConnectivity(XksProxyConnectivityType xksProxyConnectivity) {
    // The field is a String, so the enum is stored through its toString()
    // value. A null argument throws NullPointerException here, unlike the
    // String overload, which stores null.
    final String connectivityValue = xksProxyConnectivity.toString();
    this.xksProxyConnectivity = connectivityValue;
}

/** *

* Indicates how KMS communicates with the external key store proxy. This * parameter is required for custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE. *

*

* If the external key store proxy uses a public endpoint, specify * PUBLIC_ENDPOINT. If the external key store proxy uses an * Amazon VPC endpoint service for communication with KMS, specify * VPC_ENDPOINT_SERVICE. For help making this choice, see Choosing a connectivity option in the Key Management Service * Developer Guide. *

*

* An Amazon VPC endpoint service keeps your communication with KMS in a * private address space entirely within Amazon Web Services, but it * requires more configuration, including establishing an Amazon VPC with * multiple subnets, a VPC endpoint service, a network load balancer, and a * verified private DNS name. A public endpoint is simpler to set up, but it * might be slower and might not fulfill your security requirements. You * might consider testing with a public endpoint, and then establishing a * VPC endpoint service for production tasks. Note that this choice does not * determine the location of the external key store proxy. Even if you * choose a VPC endpoint service, the proxy can be hosted within the VPC or * outside of Amazon Web Services, such as in your corporate data center. *

*

* Returns a reference to this object so that method calls can be chained * together. *

* Constraints:
* Allowed Values: PUBLIC_ENDPOINT, VPC_ENDPOINT_SERVICE * * @param xksProxyConnectivity

* Indicates how KMS communicates with the external key store * proxy. This parameter is required for custom key stores with a * CustomKeyStoreType of * EXTERNAL_KEY_STORE. *

*

* If the external key store proxy uses a public endpoint,
* specify PUBLIC_ENDPOINT. If the external key
* store proxy uses an Amazon VPC endpoint service for
* communication with KMS, specify
* VPC_ENDPOINT_SERVICE. For help making this
* choice, see Choosing a connectivity option in the Key Management
* Service Developer Guide.
*

*

* An Amazon VPC endpoint service keeps your communication with
* KMS in a private address space entirely within Amazon Web
* Services, but it requires more configuration, including
* establishing an Amazon VPC with multiple subnets, a VPC
* endpoint service, a network load balancer, and a verified
* private DNS name. A public endpoint is simpler to set up, but
* it might be slower and might not fulfill your security
* requirements. You might consider testing with a public
* endpoint, and then establishing a VPC endpoint service for
* production tasks. Note that this choice does not determine the
* location of the external key store proxy. Even if you choose a
* VPC endpoint service, the proxy can be hosted within the VPC
* or outside of Amazon Web Services, such as in your corporate
* data center.
*

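* @return A reference to this updated object so that method calls can be
*         chained together.
* @see XksProxyConnectivityType
*/
public CreateCustomKeyStoreRequest withXksProxyConnectivity(
        XksProxyConnectivityType xksProxyConnectivity) {
    // The field holds the enum's toString() value. A null argument now clears the
    // setting instead of failing with a NullPointerException on toString().
    this.xksProxyConnectivity =
            xksProxyConnectivity == null ? null : xksProxyConnectivity.toString();
    return this;
}

/**
 * Returns a string representation of this object; useful for testing and
 * debugging.
 * <p>
 * The values of {@code KeyStorePassword} and
 * {@code XksProxyAuthenticationCredential} are never written out: when one of
 * them is set, its label is followed by a fixed redaction marker. This keeps
 * the secrets out of logs and exception messages that capture this string.
 *
 * @return A string representation of this object.
 * @see java.lang.Object#toString()
 */
@Override
public String toString() {
    // Printed in place of secret values; the label still shows that the field is set.
    final String redacted = "***Sensitive Data Redacted***";

    StringBuilder sb = new StringBuilder();
    sb.append("{");
    if (getCustomKeyStoreName() != null) {
        sb.append("CustomKeyStoreName: ").append(getCustomKeyStoreName()).append(",");
    }
    if (getCloudHsmClusterId() != null) {
        sb.append("CloudHsmClusterId: ").append(getCloudHsmClusterId()).append(",");
    }
    if (getTrustAnchorCertificate() != null) {
        sb.append("TrustAnchorCertificate: ").append(getTrustAnchorCertificate()).append(",");
    }
    if (getKeyStorePassword() != null) {
        // Secret: never echo the password itself.
        sb.append("KeyStorePassword: ").append(redacted).append(",");
    }
    if (getCustomKeyStoreType() != null) {
        sb.append("CustomKeyStoreType: ").append(getCustomKeyStoreType()).append(",");
    }
    if (getXksProxyUriEndpoint() != null) {
        sb.append("XksProxyUriEndpoint: ").append(getXksProxyUriEndpoint()).append(",");
    }
    if (getXksProxyUriPath() != null) {
        sb.append("XksProxyUriPath: ").append(getXksProxyUriPath()).append(",");
    }
    if (getXksProxyVpcEndpointServiceName() != null) {
        sb.append("XksProxyVpcEndpointServiceName: ")
                .append(getXksProxyVpcEndpointServiceName()).append(",");
    }
    if (getXksProxyAuthenticationCredential() != null) {
        // Secret: the credential object's own toString() is not visible from this
        // method, so the value is redacted here rather than delegated to it.
        sb.append("XksProxyAuthenticationCredential: ").append(redacted).append(",");
    }
    if (getXksProxyConnectivity() != null) {
        sb.append("XksProxyConnectivity: ").append(getXksProxyConnectivity());
    }
    sb.append("}");
    return sb.toString();
}

/**
 * Computes a hash code from every request field, in declaration order, using
 * the usual 31-multiplier scheme; a null field contributes 0.
 *
 * @return The hash code of this request.
 */
@Override
public int hashCode() {
    final int prime = 31;
    // Order matters: it must stay the same for the hash value to stay the same.
    final Object[] fields = {
        getCustomKeyStoreName(),
        getCloudHsmClusterId(),
        getTrustAnchorCertificate(),
        getKeyStorePassword(),
        getCustomKeyStoreType(),
        getXksProxyUriEndpoint(),
        getXksProxyUriPath(),
        getXksProxyVpcEndpointServiceName(),
        getXksProxyAuthenticationCredential(),
        getXksProxyConnectivity()
    };

    int hashCode = 1;
    for (Object field : fields) {
        hashCode = prime * hashCode + (field == null ? 0 : field.hashCode());
    }
    return hashCode;
}

/**
 * Compares this request with another object field by field.
 *
 * @param obj The object to compare with; may be null.
 * @return {@code true} if {@code obj} is a {@code CreateCustomKeyStoreRequest}
 *         whose fields are all equal to this request's fields (two null
 *         values count as equal), otherwise {@code false}.
 */
@Override
public boolean equals(Object obj) {
    if (this == obj) {
        return true;
    }
    if (obj == null) {
        return false;
    }
    if (!(obj instanceof CreateCustomKeyStoreRequest)) {
        return false;
    }
    CreateCustomKeyStoreRequest other = (CreateCustomKeyStoreRequest) obj;

    // Each pair is { other's value, this object's value }.
    final Object[][] pairs = {
        { other.getCustomKeyStoreName(), this.getCustomKeyStoreName() },
        { other.getCloudHsmClusterId(), this.getCloudHsmClusterId() },
        { other.getTrustAnchorCertificate(), this.getTrustAnchorCertificate() },
        { other.getKeyStorePassword(), this.getKeyStorePassword() },
        { other.getCustomKeyStoreType(), this.getCustomKeyStoreType() },
        { other.getXksProxyUriEndpoint(), this.getXksProxyUriEndpoint() },
        { other.getXksProxyUriPath(), this.getXksProxyUriPath() },
        { other.getXksProxyVpcEndpointServiceName(), this.getXksProxyVpcEndpointServiceName() },
        { other.getXksProxyAuthenticationCredential(),
            this.getXksProxyAuthenticationCredential() },
        { other.getXksProxyConnectivity(), this.getXksProxyConnectivity() }
    };

    for (Object[] pair : pairs) {
        final Object theirs = pair[0];
        final Object mine = pair[1];
        if (theirs == null || mine == null) {
            // Exactly one side unset means the requests differ.
            if (theirs != mine) {
                return false;
            }
        } else if (!theirs.equals(mine)) {
            return false;
        }
    }
    return true;
}
}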