disableKey method

Future<void> disableKey({
  1. required String keyId,
})

Sets the state of a KMS key to disabled. This change temporarily prevents use of the KMS key for cryptographic operations.

The KMS key that you use for this operation must be in a compatible key state. For more information about how key state affects the use of a KMS key, see Key states of KMS keys in the Key Management Service Developer Guide .

Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

Required permissions: kms:DisableKey (key policy)

Related operations: EnableKey

Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

May throw DependencyTimeoutException. May throw InvalidArnException. May throw KMSInternalException. May throw KMSInvalidStateException. May throw NotFoundException.

Parameter keyId : Identifies the KMS key to disable.

Specify the key ID or key ARN of the KMS key.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

Implementation

Future<void> disableKey({
  required String keyId,
}) async {
  final headers = <String, String>{
    'Content-Type': 'application/x-amz-json-1.1',
    'X-Amz-Target': 'TrentService.DisableKey'
  };
  await _protocol.send(
    method: 'POST',
    requestUri: '/',
    exceptionFnMap: _exceptionFns,
    // TODO queryParams
    headers: headers,
    payload: {
      'KeyId': keyId,
    },
  );
}