在密鑰管理服務(KMS)中,您的每個主密鑰都擁有啟用(Enabled)、禁用(Disabled)、待刪除(PendingDeletion)三個狀態。

如果密鑰是外部密鑰(用戶自帶密鑰,即DescribeKeyOriginEXTERNAL的),還可能處于待導入(PendingImport)狀態。

通常情況下,新建的主密鑰默認處于啟用狀態。當新建一個外部密鑰時會處于等待導入狀態。

只有處于啟用狀態的密鑰才可以用于加密、解密操作。其它API根據密鑰狀態的不同,會有不同的返回結果。

處于待刪除(PendingDeletion)狀態的密鑰,在預刪除時間過后,會被永久刪除。

密鑰狀態與API調用期望返回結果如下表所示。
期望結果 HttpStatusCode
Success 200
Rejected.Enabled 409
Rejected.Disabled 409
Rejected.PendingDeletion 409
Rejected.PendingImport 409
Rejected.StateModifiedFailed 409

普通API

API 啟用(Enabled) 禁用(Disabled) 待刪除(PendingDeletion) 待導入(PendingImport)
CreateKey Success Success Success Success
GenerateDataKey Success Rejected.Disabled Rejected.PendingDeletion Rejected.PendingImport
GenerateDataKeyWithoutPlaintext Success Rejected.Disabled Rejected.PendingDeletion Rejected.PendingImport
Encrypt Success Rejected.Disabled Rejected.PendingDeletion Rejected.PendingImport
Decrypt Success Rejected.Disabled Rejected.PendingDeletion Rejected.PendingImport
ListKeys Success Success Success Success
DescribeKey Success Success Success Success
UpdateKeyDescription Success Success Rejected.PendingDeletion Success
EnableKey Success Success Rejected.StateModifiedFailed Rejected.StateModifiedFailed
DisableKey Success Success Rejected.StateModifiedFailed Rejected.StateModifiedFailed
ScheduleKeyDeletion Success Success Rejected.StateModifiedFailed Success
CancelKeyDeletion Rejected.StateModifiedFailed Rejected.StateModifiedFailed Success Rejected.StateModifiedFailed
CreateAlias Success Success Rejected.StateModifiedFailed Success
DeleteAlias Success Success Success Success
ListAliases Success Success Success Success
TagResource Success Success Rejected.PendingDeletion Success
UntagResource Success Success Rejected.PendingDeletion Success
ListResourceTags Success Success Success Success
DescribeKeyVersion Success Success Success Success
ListKeyVersions Success Success Success Success
UpdateRotationPolicy Success Rejected.Disabled Rejected.PendingDeletion Rejected.PendingImport

特殊API

UpdateAlias
  • 只受到目標密鑰的狀態影響,與原密鑰狀態無關。
  • 當目標密鑰處于待刪除狀態時,返回Rejected.PendingDeletion,否則返回Success。
外部密鑰專屬API
API 啟用(Enabled) 禁用(Disabled) 待刪除(PendingDeletion) 待導入(PendingImport)
GetParametersForImport Success Success Success Success
ImportKeyMaterial Success Success Rejected.StateModifiedFailed Success
DeleteKeyMaterial Success Success Success Success