本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
ScheduleKeyDeletion 搭配 AWS SDK或 使用 CLI
下列程式碼範例示範如何使用 ScheduleKeyDeletion。
動作範例是大型程式的程式碼摘錄,必須在內容中執行。您可以在下列程式碼範例的內容中看到此動作:
- CLI
-
- AWS CLI
-
排程刪除客戶受管KMS金鑰。
下列
schedule-key-deletion範例會排程要在 15 天內刪除的指定客戶受管KMS金鑰。--key-id參數會識別KMS金鑰。此範例使用金鑰ARN值,但您可以使用金鑰 ID 或KMS金鑰ARN的 。--pending-window-in-days參數會指定 7-30 天等待期的長度。根據預設,等待期為 30 天。此範例會指定 15 的值,該值 AWS 會在命令完成後 15 天永久刪除KMS金鑰。aws kms schedule-key-deletion \ --key-id arn:aws:kms:us-west-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab \ --pending-window-in-days 15回應包含金鑰 ARN、金鑰狀態、等待期間 (
PendingWindowInDays) 和刪除日期,以 Unix 時間為單位。若要在本機時間檢視刪除日期,請使用 AWS KMS 主控台。KMSPendingDeletion金鑰狀態的金鑰無法在密碼編譯操作中使用。{ "KeyId": "arn:aws:kms:us-west-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab", "DeletionDate": "2022-06-18T23:43:51.272000+00:00", "KeyState": "PendingDeletion", "PendingWindowInDays": 15 }如需詳細資訊,請參閱 AWS Key Management Service 開發人員指南中的刪除金鑰。
-
如需API詳細資訊,請參閱 命令參考 ScheduleKeyDeletion
中的 。 AWS CLI
-
- Java
-
- SDK 適用於 Java 2.x
-
注意
還有更多 。 GitHub尋找完整範例,並了解如何在 AWS 程式碼範例儲存庫
中設定和執行。 /** * Deletes a KMS key asynchronously. * * <p><strong>Warning:</strong> Deleting a KMS key is a destructive and potentially dangerous operation. * When a KMS key is deleted, all data that was encrypted under the KMS key becomes unrecoverable. * This means that any files, databases, or other data that were encrypted using the deleted KMS key * will become permanently inaccessible. Exercise extreme caution when deleting KMS keys.</p> * * @param keyId the ID of the KMS key to delete * @return a {@link CompletableFuture} that completes when the key deletion is scheduled */ public CompletableFuture<Void> deleteKeyAsync(String keyId) { ScheduleKeyDeletionRequest deletionRequest = ScheduleKeyDeletionRequest.builder() .keyId(keyId) .pendingWindowInDays(7) .build(); return getAsyncClient().scheduleKeyDeletion(deletionRequest) .thenRun(() -> { logger.info("Key {} will be deleted in 7 days", keyId); }) .exceptionally(throwable -> { throw new RuntimeException("Failed to schedule key deletion for key ID: " + keyId, throwable); }); }-
如需API詳細資訊,請參閱 參考 ScheduleKeyDeletion中的 。 AWS SDK for Java 2.x API
-
- PHP
-
- 適用於 PHP 的 SDK
-
注意
還有更多 。 GitHub尋找完整範例,並了解如何在 AWS 程式碼範例儲存庫
中設定和執行。 /*** * @param string $keyId * @param int $pendingWindowInDays * @return void */ public function scheduleKeyDeletion(string $keyId, int $pendingWindowInDays = 7) { try { $this->client->scheduleKeyDeletion([ 'KeyId' => $keyId, 'PendingWindowInDays' => $pendingWindowInDays, ]); }catch(KmsException $caught){ echo "There was a problem scheduling the key deletion: {$caught->getAwsErrorMessage()}\n"; throw $caught; } }-
如需API詳細資訊,請參閱 參考 ScheduleKeyDeletion中的 。 AWS SDK for PHP API
-
- Python
-
- SDK for Python (Boto3)
-
注意
還有更多 。 GitHub尋找完整範例,並了解如何在 AWS 程式碼範例儲存庫
中設定和執行。 class KeyManager: def __init__(self, kms_client): self.kms_client = kms_client self.created_keys = [] @classmethod def from_client(cls) -> "KeyManager": """ Creates a KeyManager instance with a default KMS client. :return: An instance of KeyManager initialized with the default KMS client. """ kms_client = boto3.client("kms") return cls(kms_client) def delete_key(self, key_id: str, window: int) -> None: """ Deletes a list of keys. Warning: Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key is deleted, all data that was encrypted under the KMS key is unrecoverable. :param key_id: The ARN or ID of the key to delete. :param window: The waiting period, in days, before the KMS key is deleted. """ try: self.kms_client.schedule_key_deletion( KeyId=key_id, PendingWindowInDays=window ) except ClientError as err: logging.error( "Couldn't delete key %s. Here's why: %s", key_id, err.response["Error"]["Message"], ) raise-
如需API詳細資訊,請參閱 ScheduleKeyDeletion 中的 AWS SDK for Python (Boto3) API參考 。
-
如需開發人員指南和程式碼範例的完整清單 AWS SDK,請參閱 將此服務與 搭配使用 AWS SDK。本主題也包含有關入門的資訊,以及先前SDK版本的詳細資訊。
