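Use ScheduleKeyDeletion with an Amazon SDK or CLI

The following code examples show how to use ScheduleKeyDeletion.

Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code example: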
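- CLI
- Amazon CLI

To schedule the deletion of a customer managed KMS key.

The following schedule-key-deletion example schedules the specified customer managed KMS key to be deleted in 15 days.

The --key-id parameter identifies the KMS key. This example uses a key ARN value, but you can use either the key ID or the ARN of the KMS key. The --pending-window-in-days parameter specifies the length of the 7-30 day waiting period. By default, the waiting period is 30 days. This example specifies a value of 15, which tells Amazon to permanently delete the KMS key 15 days after the command completes.

```bash
aws kms schedule-key-deletion \
    --key-id arn:aws:kms:us-west-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab \
    --pending-window-in-days 15
```

The response includes the key ARN, the key state, the waiting period (PendingWindowInDays), and the deletion date in Unix time. To view the deletion date in local time, use the Amazon KMS console. KMS keys in the PendingDeletion key state cannot be used in cryptographic operations.

```json
{
    "KeyId": "arn:aws:kms:us-west-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab",
    "DeletionDate": "2022-06-18T23:43:51.272000+00:00",
    "KeyState": "PendingDeletion",
    "PendingWindowInDays": 15
}
```

For more information, see Deleting keys in the Amazon Key Management Service Developer Guide.

For API details, see ScheduleKeyDeletion in the Amazon CLI Command Reference.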
- Java
- SDK for Java 2.x

Note
There's more on GitHub. Find the complete example and learn how to set up and run it in the Amazon Code Examples Repository.

```java
    /**
     * Deletes a KMS key asynchronously.
     *
     * <p><strong>Warning:</strong> Deleting a KMS key is a destructive and potentially dangerous operation.
     * When a KMS key is deleted, all data that was encrypted under the KMS key becomes unrecoverable.
     * This means that any files, databases, or other data that were encrypted using the deleted KMS key
     * will become permanently inaccessible. Exercise extreme caution when deleting KMS keys.</p>
     *
     * @param keyId the ID of the KMS key to delete
     * @return a {@link CompletableFuture} that completes when the key deletion is scheduled
     */
    public CompletableFuture<Void> deleteKeyAsync(String keyId) {
        // 7 days is the shortest waiting period KMS accepts.
        ScheduleKeyDeletionRequest deletionRequest = ScheduleKeyDeletionRequest.builder()
            .keyId(keyId)
            .pendingWindowInDays(7)
            .build();

        return getAsyncClient().scheduleKeyDeletion(deletionRequest)
            .thenRun(() -> {
                logger.info("Key {} will be deleted in 7 days", keyId);
            })
            .exceptionally(throwable -> {
                throw new RuntimeException("Failed to schedule key deletion for key ID: " + keyId, throwable);
            });
    }
```

For API details, see ScheduleKeyDeletion in the Amazon SDK for Java 2.x API Reference.
- Python
- SDK for Python (Boto3)

Note
There's more on GitHub. Find the complete example and learn how to set up and run it in the Amazon Code Examples Repository.

```python
import logging

from botocore.exceptions import ClientError


class KeyManager:
    def __init__(self, kms_client):
        self.kms_client = kms_client
        self.created_keys = []

    def delete_keys(self, keys):
        """
        Deletes a list of keys.

        Warning:
        Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key
        is deleted, all data that was encrypted under the KMS key is unrecoverable.

        :param keys: The list of keys to delete.
        """
        print(
            """
        Warning:
        Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key
        is deleted, all data that was encrypted under the KMS key is unrecoverable.
        """
        )
        answer = input("Do you want to delete these keys (y/n)? ")
        if answer.lower() == "y":
            # 7 days is the shortest waiting period KMS accepts.
            window = 7
            for key in keys:
                try:
                    self.kms_client.schedule_key_deletion(
                        KeyId=key["KeyId"], PendingWindowInDays=window
                    )
                except ClientError as err:
                    logging.error(
                        "Couldn't delete key %s. Here's why: %s",
                        key["KeyId"],
                        err.response["Error"]["Message"],
                    )
                else:
                    print(
                        f"Key {key['KeyId']} scheduled for deletion in {window} days."
                    )
```

For API details, see ScheduleKeyDeletion in the Amazon SDK for Python (Boto3) API Reference.
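A guarded wrapper around the same call, as an added example that is not part of the original page or the Amazon code examples repository: it enforces the 7-30 day window, defaults to the 30-day window, and refuses keys that are not customer managed or are already in PendingDeletion. `schedule_deletion_guarded` and `FakeKms` are hypothetical names; `FakeKms` is a constructed stand-in for a Boto3 KMS client so the block runs offline.

```python
from datetime import datetime, timedelta, timezone

MIN_WINDOW, MAX_WINDOW = 7, 30  # waiting-period bounds stated on this page


def schedule_deletion_guarded(kms_client, key_id, window_days=MAX_WINDOW):
    """Run pre-flight checks, then call ScheduleKeyDeletion. Returns a summary dict."""
    if not MIN_WINDOW <= window_days <= MAX_WINDOW:
        raise ValueError(f"window must be {MIN_WINDOW}-{MAX_WINDOW} days, got {window_days}")
    # DescribeKey tells us who manages the key and its current state.
    meta = kms_client.describe_key(KeyId=key_id)["KeyMetadata"]
    if meta["KeyManager"] != "CUSTOMER":
        raise PermissionError(f"{key_id} is not a customer managed key")
    if meta["KeyState"] == "PendingDeletion":
        raise RuntimeError(f"{key_id} is already pending deletion")
    resp = kms_client.schedule_key_deletion(KeyId=key_id, PendingWindowInDays=window_days)
    return {
        "key": resp["KeyId"],
        "state": resp["KeyState"],
        "deletion_date": resp["DeletionDate"],
        "window_days": resp["PendingWindowInDays"],
    }


class FakeKms:
    """Constructed stand-in for a Boto3 KMS client (assumption: same call shapes)."""

    def __init__(self, manager="CUSTOMER", state="Enabled"):
        self.manager, self.state, self.calls = manager, state, []

    def describe_key(self, KeyId):
        return {"KeyMetadata": {"KeyId": KeyId, "KeyManager": self.manager,
                                "KeyState": self.state}}

    def schedule_key_deletion(self, KeyId, PendingWindowInDays):
        self.calls.append((KeyId, PendingWindowInDays))
        self.state = "PendingDeletion"
        # Constructed "now" so the sample deletion date is deterministic.
        when = datetime(2022, 6, 3, tzinfo=timezone.utc) + timedelta(days=PendingWindowInDays)
        return {"KeyId": KeyId, "KeyState": self.state,
                "DeletionDate": when, "PendingWindowInDays": PendingWindowInDays}


if __name__ == "__main__":
    kms = FakeKms()
    print(schedule_deletion_guarded(kms, "1234abcd-12ab-34cd-56ef-1234567890ab", 15))
```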
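
For a complete list of Amazon SDK developer guides and code examples, see Using Amazon KMS with an Amazon SDK. This topic also includes information about getting started and details about previous SDK versions.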