Contains metadata about a customer master key (CMK).

This data type is used as a response element for the CreateKey and DescribeKey operations.


	// The default value is false.
	BypassPolicyLockoutSafetyCheck *bool `type:"boolean"`

	// A description of the CMK.
	// Use a description that helps you decide whether the CMK is appropriate for
	// a task.
	Description *string `type:"string"`

	// The intended use of the CMK.
	// You can use CMKs only for symmetric encryption and decryption.
	KeyUsage *string `type:"string" enum:"KeyUsageType"`

	// The source of the CMK's key material.
	// The default is AWS_KMS, which means AWS KMS creates the key material. When
	// this parameter is set to EXTERNAL, the request creates a CMK without key
	// material so that you can import key material from your existing key management
	// infrastructure. For more information about importing key material into AWS
	// KMS, see Importing Key Material
	// in the AWS Key Management Service Developer Guide.
	// The CMK's Origin is immutable and is set when the CMK is created.
	Origin *string `type:"string" enum:"OriginType"`

	// The key policy to attach to the CMK.
	// If you specify a policy and do not set BypassPolicyLockoutSafetyCheck to
	// true, the policy must meet the following criteria:
	//    * It must allow the principal making the CreateKey request to make a subsequent
	//    PutKeyPolicy request on the CMK. This reduces the likelihood that the CMK
	//    becomes unmanageable. For more information, refer to the scenario in the
	//    Default Key Policy section in the AWS Key Management Service Developer Guide.
	//
	//    * The principal(s) specified in the key policy must exist and be visible
	//    to AWS KMS. When you create a new AWS principal (for example, an IAM user
	//    or role), you might need to enforce a delay before specifying the new principal
	//    in a key policy because the new principal might not immediately be visible
	//    to AWS KMS. For more information, see Changes that I make are not always
	//    immediately visible in the IAM User Guide.
	//
	// If you do not specify a policy, AWS KMS attaches a default key policy
	// to the CMK. For more information, see Default Key Policy
	// in the AWS Key Management Service Developer Guide.
	// The policy size limit is 32 KiB (32768 bytes).
	Policy *string `min:"1" type:"string"`

// String returns the string representation
func (s CreateKeyInput) String() string {
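The Policy criteria above can be checked on the client before a CreateKey call is made. The following is an added example, not code from the SDK or the original page: `CheckKeyPolicy` and `anyOf` are hypothetical helpers, the policy and ARNs are constructed, and the matching is simplified (exact principal ARN, `Statement` as a list, no partial wildcards, no `Condition` or `Deny` evaluation).

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// anyOf reports whether raw (a JSON string or list of strings) contains want.
func anyOf(raw json.RawMessage, fold bool, want string) bool {
	var one string
	var list []string
	if json.Unmarshal(raw, &list) != nil && json.Unmarshal(raw, &one) == nil {
		list = []string{one}
	}
	for _, s := range list {
		if s == want || fold && strings.EqualFold(s, want) {
			return true
		}
	}
	return false
}

// CheckKeyPolicy (hypothetical helper) enforces the 1..32768 byte size limit and
// requires an Allow statement that names callerARN and grants kms:PutKeyPolicy.
func CheckKeyPolicy(policy, callerARN string) error {
	if n := len(policy); n < 1 || n > 32768 {
		return fmt.Errorf("policy size %d outside 1..32768 bytes", n)
	}
	var doc struct {
		Statement []struct{ Effect string; Principal, Action json.RawMessage }
	}
	if err := json.Unmarshal([]byte(policy), &doc); err != nil {
		return fmt.Errorf("cannot parse policy: %w", err)
	}
	for _, st := range doc.Statement {
		var p struct{ AWS json.RawMessage }
		json.Unmarshal(st.Principal, &p) // Principal "*" or absent leaves p.AWS empty
		if st.Effect == "Allow" && anyOf(p.AWS, false, callerARN) &&
			(anyOf(st.Action, true, "kms:PutKeyPolicy") || anyOf(st.Action, true, "kms:*") || anyOf(st.Action, true, "*")) {
			return nil
		}
	}
	return fmt.Errorf("%s is not allowed kms:PutKeyPolicy; the CMK could become unmanageable", callerARN)
}

func main() { // constructed sample policy and ARN, not taken from the page
	p := `{"Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::111122223333:user/KeyAdmin"},"Action":"kms:*","Resource":"*"}]}`
	fmt.Println(CheckKeyPolicy(p, "arn:aws:iam::111122223333:user/Other"))
}
```

A policy that fails this check is one that would need BypassPolicyLockoutSafetyCheck set to true, so a failure here is worth reviewing rather than bypassing.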