在Key Management Service(KMS)中,您的每個主要金鑰都擁有啟用(Enabled)、禁用(Disabled)、待刪除(PendingDeletion)三個狀態。
如果密鑰是外部金鑰(使用者內建密鑰,即DescribeKey中Origin為EXTERNAL的),還可能處於待匯入(PendingImport)狀態。
通常情況下,建立的主要金鑰預設處於啟用狀態。當建立一個外部金鑰時會處於等待匯入狀態。
只有處於啟用狀態的密鑰才可以用於加密、解密操作。其它API根據密鑰狀態的不同,會有不同的返回結果。
處於待刪除(PendingDeletion)狀態的密鑰,在預刪除時間過後,會被永久刪除。
密鑰狀態與API調用期望返回結果如下表所示。
| 期望結果 | HttpStatusCode |
| Success | 200 |
| Rejected.Enabled | 409 |
| Rejected.Disabled | 409 |
| Rejected.PendingDeletion | 409 |
| Rejected.PendingImport | 409 |
| Rejected.StateModifiedFailed | 409 |
普通API
| API | 啟用(Enabled) | 禁用(Disabled) | 待刪除(PendingDeletion) | 待匯入(PendingImport) |
| CreateKey | Success | Success | Success | Success |
| GenerateDataKey | Success | Rejected.Disabled | Rejected.PendingDeletion | Rejected.PendingImport |
| GenerateDataKeyWithoutPlaintext | Success | Rejected.Disabled | Rejected.PendingDeletion | Rejected.PendingImport |
| Encrypt | Success | Rejected.Disabled | Rejected.PendingDeletion | Rejected.PendingImport |
| Decrypt | Success | Rejected.Disabled | Rejected.PendingDeletion | Rejected.PendingImport |
| ListKeys | Success | Success | Success | Success |
| DescribeKey | Success | Success | Success | Success |
| UpdateKeyDescription | Success | Success | Rejected.PendingDeletion | Success |
| EnableKey | Success | Success | Rejected.StateModifiedFailed | Rejected.StateModifiedFailed |
| DisableKey | Success | Success | Rejected.StateModifiedFailed | Rejected.StateModifiedFailed |
| ScheduleKeyDeletion | Success | Success | Rejected.StateModifiedFailed | Success |
| CancelKeyDeletion | Rejected.StateModifiedFailed | Rejected.StateModifiedFailed | Success | Rejected.StateModifiedFailed |
| CreateAlias | Success | Success | Rejected.StateModifiedFailed | Success |
| DeleteAlias | Success | Success | Success | Success |
| ListAliases | Success | Success | Success | Success |
| TagResource | Success | Success | Rejected.PendingDeletion | Success |
| UntagResource | Success | Success | Rejected.PendingDeletion | Success |
| ListResourceTags | Success | Success | Success | Success |
| DescribeKeyVersion | Success | Success | Success | Success |
| ListKeyVersions | Success | Success | Success | Success |
| UpdateRotationPolicy | Success | Rejected.Disabled | Rejected.PendingDeletion | Rejected.PendingImport |
特殊API
UpdateAlias:
- 只受到目標密鑰的狀態影響,與原密鑰狀態無關。
- 當目標密鑰處於待刪除狀態時,返回
Rejected.PendingDeletion,否則返回Success。
外部金鑰專屬API
| API | 啟用(Enabled) | 禁用(Disabled) | 待刪除(PendingDeletion) | 待匯入(PendingImport) |
| GetParametersForImport | Success | Success | Success | Success |
| ImportKeyMaterial | Success | Success | Rejected.StateModifiedFailed | Success |
| DeleteKeyMaterial | Success | Success | Success | Success |