* Schedules the deletion of a KMS key. By default, KMS applies a waiting period
* of 30 days, but you can specify a waiting period of 7-30 days. When this
* operation is successful, the key state of the KMS key changes to
* PendingDeletion and the key can't be used in any cryptographic
* operations. It remains in this state for the duration of the waiting period.
* Before the waiting period ends, you can use CancelKeyDeletion to
* cancel the deletion of the KMS key. After the waiting period ends, KMS
* deletes the KMS key, its key material, and all KMS data associated with it,
* including all aliases that refer to it.
*
* Deleting a KMS key is a destructive and potentially dangerous operation. When * a KMS key is deleted, all data that was encrypted under the KMS key is * unrecoverable. (The only exception is a multi-Region * replica key, or an asymmetric or HMAC KMS key with imported key material.) To prevent the * use of a KMS key without deleting it, use DisableKey. *
*
* You can schedule the deletion of a multi-Region primary key and its replica
* keys at any time. However, KMS will not delete a multi-Region primary key
* with existing replica keys. If you schedule the deletion of a primary key
* with replicas, its key state changes to PendingReplicaDeletion
* and it cannot be replicated or used in cryptographic operations. This status
* can continue indefinitely. When the last of its replicas keys is deleted (not
* just scheduled), the key state of the primary key changes to
* PendingDeletion and its waiting period (
* PendingWindowInDays) begins. For details, see Deleting multi-Region keys in the Key Management Service Developer
* Guide.
*
* When KMS deletes a KMS key from an CloudHSM key store, it makes a best effort to * delete the associated key material from the associated CloudHSM cluster. * However, you might need to manually delete the orphaned key material from the cluster and its backups. Deleting a KMS key from an external key store has no effect on the * associated external key. However, for both types of custom key stores, * deleting a KMS key is destructive and irreversible. You cannot decrypt * ciphertext encrypted under the KMS key by using only its associated external * key or CloudHSM key. Also, you cannot recreate a KMS key in an external key * store by creating a new KMS key with the same key material. *
** For more information about scheduling a KMS key for deletion, see Deleting KMS keys in the Key Management Service Developer Guide. *
** The KMS key that you use for this operation must be in a compatible key * state. For details, see Key states of KMS keys in the Key Management Service Developer * Guide. *
** Cross-account use: No. You cannot perform this operation on a KMS key * in a different Amazon Web Services account. *
** Required permissions: kms:ScheduleKeyDeletion (key policy) *
** Related operations *
** DisableKey *
** The unique identifier of the KMS key to delete. *
** Specify the key ID or key ARN of the KMS key. *
** For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. *
*
* Constraints:
* Length: 1 - 2048
*/
private String keyId;
/**
*
* The waiting period, specified in number of days. After the waiting period * ends, KMS deletes the KMS key. *
** If the KMS key is a multi-Region primary key with replica keys, the * waiting period begins when the last of its replica keys is deleted. * Otherwise, the waiting period begins immediately. *
*
* This value is optional. If you include a value, it must be between 7 and
* 30, inclusive. If you do not include a value, it defaults to 30. You can
* use the kms:ScheduleKeyDeletionPendingWindowInDays condition
* key to further constrain the values that principals can specify in the
* PendingWindowInDays parameter.
*
* Constraints:
* Range: 1 - 365
*/
private Integer pendingWindowInDays;
/**
*
* The unique identifier of the KMS key to delete. *
** Specify the key ID or key ARN of the KMS key. *
** For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. *
*
* Constraints:
* Length: 1 - 2048
*
* @return
* The unique identifier of the KMS key to delete. *
** Specify the key ID or key ARN of the KMS key. *
** For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* To get the key ID and key ARN for a KMS key, use ListKeys * or DescribeKey. *
*/ public String getKeyId() { return keyId; } /** ** The unique identifier of the KMS key to delete. *
** Specify the key ID or key ARN of the KMS key. *
** For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. *
*
* Constraints:
* Length: 1 - 2048
*
* @param keyId
* The unique identifier of the KMS key to delete. *
** Specify the key ID or key ARN of the KMS key. *
** For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. *
*/ public void setKeyId(String keyId) { this.keyId = keyId; } /** ** The unique identifier of the KMS key to delete. *
** Specify the key ID or key ARN of the KMS key. *
** For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. *
** Returns a reference to this object so that method calls can be chained * together. *
* Constraints:
* Length: 1 - 2048
*
* @param keyId
* The unique identifier of the KMS key to delete. *
** Specify the key ID or key ARN of the KMS key. *
** For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. *
* @return A reference to this updated object so that method calls can be * chained together. */ public ScheduleKeyDeletionRequest withKeyId(String keyId) { this.keyId = keyId; return this; } /** ** The waiting period, specified in number of days. After the waiting period * ends, KMS deletes the KMS key. *
** If the KMS key is a multi-Region primary key with replica keys, the * waiting period begins when the last of its replica keys is deleted. * Otherwise, the waiting period begins immediately. *
*
* This value is optional. If you include a value, it must be between 7 and
* 30, inclusive. If you do not include a value, it defaults to 30. You can
* use the kms:ScheduleKeyDeletionPendingWindowInDays condition
* key to further constrain the values that principals can specify in the
* PendingWindowInDays parameter.
*
* Constraints:
* Range: 1 - 365
*
* @return
* The waiting period, specified in number of days. After the * waiting period ends, KMS deletes the KMS key. *
** If the KMS key is a multi-Region primary key with replica keys, * the waiting period begins when the last of its replica keys is * deleted. Otherwise, the waiting period begins immediately. *
*
* This value is optional. If you include a value, it must be
* between 7 and 30, inclusive. If you do not include a value, it
* defaults to 30. You can use the kms:ScheduleKeyDeletionPendingWindowInDays
* condition key to further constrain the values that principals can
* specify in the PendingWindowInDays parameter.
*
* The waiting period, specified in number of days. After the waiting period * ends, KMS deletes the KMS key. *
** If the KMS key is a multi-Region primary key with replica keys, the * waiting period begins when the last of its replica keys is deleted. * Otherwise, the waiting period begins immediately. *
*
* This value is optional. If you include a value, it must be between 7 and
* 30, inclusive. If you do not include a value, it defaults to 30. You can
* use the kms:ScheduleKeyDeletionPendingWindowInDays condition
* key to further constrain the values that principals can specify in the
* PendingWindowInDays parameter.
*
* Constraints:
* Range: 1 - 365
*
* @param pendingWindowInDays
* The waiting period, specified in number of days. After the * waiting period ends, KMS deletes the KMS key. *
** If the KMS key is a multi-Region primary key with replica * keys, the waiting period begins when the last of its replica * keys is deleted. Otherwise, the waiting period begins * immediately. *
*
* This value is optional. If you include a value, it must be
* between 7 and 30, inclusive. If you do not include a value, it
* defaults to 30. You can use the kms:ScheduleKeyDeletionPendingWindowInDays
* condition key to further constrain the values that principals
* can specify in the PendingWindowInDays parameter.
*
* The waiting period, specified in number of days. After the waiting period * ends, KMS deletes the KMS key. *
** If the KMS key is a multi-Region primary key with replica keys, the * waiting period begins when the last of its replica keys is deleted. * Otherwise, the waiting period begins immediately. *
*
* This value is optional. If you include a value, it must be between 7 and
* 30, inclusive. If you do not include a value, it defaults to 30. You can
* use the kms:ScheduleKeyDeletionPendingWindowInDays condition
* key to further constrain the values that principals can specify in the
* PendingWindowInDays parameter.
*
* Returns a reference to this object so that method calls can be chained * together. *
* Constraints:
* Range: 1 - 365
*
* @param pendingWindowInDays
* The waiting period, specified in number of days. After the * waiting period ends, KMS deletes the KMS key. *
** If the KMS key is a multi-Region primary key with replica * keys, the waiting period begins when the last of its replica * keys is deleted. Otherwise, the waiting period begins * immediately. *
*
* This value is optional. If you include a value, it must be
* between 7 and 30, inclusive. If you do not include a value, it
* defaults to 30. You can use the kms:ScheduleKeyDeletionPendingWindowInDays
* condition key to further constrain the values that principals
* can specify in the PendingWindowInDays parameter.
*