Use EnableKey with an AWS SDK or CLI
The following code examples show how to use EnableKey.
Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code example:
- .NET
-
- AWS SDK for .NET
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. using System; using System.Threading.Tasks; using Amazon.KeyManagementService; using Amazon.KeyManagementService.Model; /// <summary> /// Enable an AWS Key Management Service (AWS KMS) key. /// </summary> public class EnableKey { public static async Task Main() { var client = new AmazonKeyManagementServiceClient(); // The identifier of the AWS KMS key to enable. You can use the // key Id or the Amazon Resource Name (ARN) of the AWS KMS key. var keyId = "1234abcd-12ab-34cd-56ef-1234567890ab"; var request = new EnableKeyRequest { KeyId = keyId, }; var response = await client.EnableKeyAsync(request); if (response.HttpStatusCode == System.Net.HttpStatusCode.OK) { // Retrieve information about the key to show that it has now // been enabled. var describeResponse = await client.DescribeKeyAsync(new DescribeKeyRequest { KeyId = keyId, }); Console.WriteLine($"{describeResponse.KeyMetadata.KeyId} - state: {describeResponse.KeyMetadata.KeyState}"); } } }-
For API details, see EnableKey in AWS SDK for .NET API Reference.
-
- CLI
-
- AWS CLI
-
To enable a KMS key
The following
enable-keyexample enables a customer managed key. You can use a command like this one to enable a KMS key that you temporarily disabled by using thedisable-keycommand. You can also use it to enable a KMS key that is disabled because it was scheduled for deletion and the deletion was canceled.To specify the KMS key, use the
key-idparameter. This example uses an key ID value, but you can use a key ID or key ARN value in this command.Before running this command, replace the example key ID with a valid one.
aws kms enable-key \ --key-id1234abcd-12ab-34cd-56ef-1234567890abThis command produces no output. To verify that the KMS key is enabled, use the
describe-keycommand. See the values of theKeyStateandEnabledfields in thedescribe-keyoutput.For more information, see Enabling and Disabling Keys in the AWS Key Management Service Developer Guide.
-
For API details, see EnableKey
in AWS CLI Command Reference.
-
- Java
-
- SDK for Java 2.x
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. /** * Asynchronously enables the specified key. * * @param keyId the ID of the key to enable * @return a {@link CompletableFuture} that completes when the key has been enabled */ public CompletableFuture<Void> enableKeyAsync(String keyId) { EnableKeyRequest enableKeyRequest = EnableKeyRequest.builder() .keyId(keyId) .build(); CompletableFuture<EnableKeyResponse> responseFuture = getAsyncClient().enableKey(enableKeyRequest); responseFuture.whenComplete((response, exception) -> { if (exception == null) { logger.info("Key with ID [{}] has been enabled.", keyId); } else { if (exception instanceof KmsException kmsEx) { throw new RuntimeException("KMS error occurred while enabling key: " + kmsEx.getMessage(), kmsEx); } else { throw new RuntimeException("An unexpected error occurred while enabling key: " + exception.getMessage(), exception); } } }); return responseFuture.thenApply(response -> null); }-
For API details, see EnableKey in AWS SDK for Java 2.x API Reference.
-
- Kotlin
-
- SDK for Kotlin
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. suspend fun enableKey(keyIdVal: String?) { val request = EnableKeyRequest { keyId = keyIdVal } KmsClient { region = "us-west-2" }.use { kmsClient -> kmsClient.enableKey(request) println("$keyIdVal was successfully enabled.") } }-
For API details, see EnableKey
in AWS SDK for Kotlin API reference.
-
- PHP
-
- SDK for PHP
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. /*** * @param string $keyId * @return void */ public function enableKey(string $keyId) { try { $this->client->enableKey([ 'KeyId' => $keyId, ]); }catch(KmsException $caught){ if($caught->getAwsErrorMessage() == "NotFoundException"){ echo "The request was rejected because the specified entity or resource could not be found.\n"; } throw $caught; } }-
For API details, see EnableKey in AWS SDK for PHP API Reference.
-
- Python
-
- SDK for Python (Boto3)
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. class KeyManager: def __init__(self, kms_client): self.kms_client = kms_client self.created_keys = [] @classmethod def from_client(cls) -> "KeyManager": """ Creates a KeyManager instance with a default KMS client. :return: An instance of KeyManager initialized with the default KMS client. """ kms_client = boto3.client("kms") return cls(kms_client) def enable_key(self, key_id: str) -> None: """ Enables a key. Gets the key state after each state change. :param key_id: The ARN or ID of the key to enable. """ try: self.kms_client.enable_key(KeyId=key_id) except ClientError as err: logging.error( "Couldn't enable key '%s'. Here's why: %s", key_id, err.response["Error"]["Message"], ) raise-
For API details, see EnableKey in AWS SDK for Python (Boto3) API Reference.
-
For a complete list of AWS SDK developer guides and code examples, see Using this service with an AWS SDK. This topic also includes information about getting started and details about previous SDK versions.
